AnsweredAssumed Answered

ISA Advisory OSIsoft PI Systems

Question asked by JimRex on May 15, 2020

Has anyone already posted about this Advisory?

 

https://www.us-cert.gov/ics/advisories/icsa-20-133-02

 

1. EXECUTIVE SUMMARY

  • CVSS v3 7.8
  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: OSIsoft
  • Equipment: PI System
  • Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, Insertion of Sensitive Information into Log File

Outcomes