Rewterz

Rewterz Threat Advisory – CVE-2020-7538 – ICS: Schneider Electric PLC Simulator for EcoStruxure Control Expert

November 12, 2020
Rewterz

Rewterz Threat Alert – Hacker-for-hire Mercenary Group CostaRicto Launches Cyber Attacks

November 13, 2020

Rewterz Threat Advisory – CVE-2020-25163 – ICS: OSIsoft PI Vision

Severity

Medium

Analysis Summary

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into PI Vision. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. 

CVE-2020-25167

PI Vision could disclose information to a user with insufficient privileges for an AF attribute.

Impact

  • Cross-site Scripting
  • Incorrect Authorization

Affected Vendors

OSIsoft

Affected Products

All versions prior to PI Vision 2020 are affected

Remediation

OSIsoft released PI Vision 2020 Version 3.5.0 to address this vulnerability.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.