March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – IOCs- LokiBot Malware
June 12, 2020Rewterz Threat Advisory – ICS: Rockwell Automation FactoryTalk Linx Software
June 12, 2020Rewterz Threat Alert – IOCs- LokiBot Malware
June 12, 2020Rewterz Threat Advisory – ICS: Rockwell Automation FactoryTalk Linx Software
June 12, 2020
Severity
Medium
Analysis Summary
The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.
Impact
Cross-site Scripting
Affected Vendors
OSIsoft
Affected Products
PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions
Remediation
OSIsoft recommends affected users upgrade to PI Web API 2019 SP1