Number: AV17-123
Date: 9 August 2017
Purpose
The purpose of this advisory is to bring attention to recently released security updates to address input validation and authentication vulnerabilities in various versions of OSIsoft’s PI Integrator products.
Assessment
Successful exploitation of these vulnerabilities could allow an unauthorized user to gain privileged access to the system. An unauthorized user may also be able to store a malicious script in the application database.
Affected Products:
- PI Integrator for SAP HANA 2016,
- PI Integrator for Business Analytics 2016 - Data Warehouse (All Editions),
- PI Integrator for Business Analytics 2016 - Business Intelligence (All Editions),
- PI Integrator for Business Analytics and SAP HANA SQL Utility 2016, and
- PI Integrator for Microsoft Azure 2016
CVE References: CVE-2017-9653, CVE-2017-9655
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications at their earliest convenience. Consider and assess the risk should you have to delay updates and mitigate accordingly.
References: