ICSA-21-313-05  ·  Published 2021-11-09

OSIsoft PI Vision

CVSS 6.5 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could lead to information disclosure, modification, or deletion.

Remediations

  • OSIsoft recommends upgrading to PI Vision 2021. Information can be found in the OSIsoft PI Vision security bulletin (registration required).
  • Configure Publisher and Explorer roles in PI Vision User Access Levels to restrict which users can create or modify displays.
  • Remove any Limits properties from AF child attributes using PI System Explorer or a bulk editing tool.
  • Use a modern web browser such as Microsoft Edge, Google Chrome, or Mozilla Firefox. Do not use Microsoft Internet Explorer.
  • If upgrade is not an option, administrators should regularly audit the AF hierarchy to ensure there are no unexpected or unknown elements, attributes, or attribute properties. It is recommended that security on elements in AF be configured and enforced in addition to configuring PI point security.
  • Potential unauthorized viewing of PI System data due to this issue is limited to permissions granted to the PI Vision Application Pool Identity. Configure a dedicated identity mapping for PI Vision servers and manage permissions in accordance with a data classification policy.
  • See the OSIsoft customer portal knowledge article for additional details and associated security updates (registration required).

Affected Vendors

OSIsoft LLC

Affected Products (1)

OSIsoft LLC · PI Vision < 2021

Affected Sectors

Multiple Sectors
