Rewterz Threat Advisory – CVE-2020-12021 – ICS: OSIsoft PI Web API 2019

June 12, 2020

Severity

Medium

Analysis Summary

The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.

Impact

Cross-site Scripting

Affected Vendors

OSIsoft

Affected Products

PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions

Remediation

OSIsoft recommends affected users upgrade to PI Web API 2019 SP1

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – IOCs- LokiBot Malware

Rewterz Threat Advisory – ICS: Rockwell Automation FactoryTalk Linx Software

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.