OSIsoft Multiple Vulnerabilities
Low Risk | ICS-CERT ICSA-13-225-02 | May 16, 2013
Summary
OSIsoft PI Interface for IEEE C37.118 versions prior to 1.0.6.158 contain a buffer overflow (CWE-119) in the handling of IEEE C37.118 protocol messages. The vulnerability is remotely exploitable by sending malformed synchrophasor data frames to the interface. No vendor patch is available for this product.
What this means
What could happen
An attacker could trigger a buffer overflow in the PI Interface for IEEE C37.118, crashing the interface or, at worst, executing arbitrary code on the host that runs it. Either outcome disrupts the collection of synchrophasor data and other power grid monitoring feeds that depend on the interface.
Who's at risk
Water and electric utilities, grid operators, and power system monitoring centers that use the OSIsoft PI System to collect and analyze synchrophasor data from IEEE C37.118-compliant phasor measurement units (PMUs) should assess their exposure. Any organization that uses the PI Interface for IEEE C37.118 to ingest real-time power system data is affected.
How it could be exploited
An attacker needs to deliver specially crafted IEEE C37.118 protocol messages to the PI Interface. If the interface is reachable over the network, malformed phasor data frames can overflow a buffer in the interface's message-processing logic, crashing it or allowing code execution on the host system.
Prerequisites
- Network access to the PI Interface for IEEE C37.118 on the port it listens on (C37.118 is carried over TCP or UDP)
- Ability to send IEEE C37.118 protocol messages to the interface
- No authentication appears to be required to send malicious protocol messages; IEEE C37.118 itself has no authentication layer
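To make the prerequisites above concrete, the following C program is an added illustration for this page, not OSIsoft's code and not the actual defect in the PI Interface (the advisory does not say which field or buffer is involved). It shows the CWE-119 pattern of trusting the FRAMESIZE field of a received C37.118 frame, beside a receiver that validates the declared length against the bytes actually received, verifies the CRC, and checks the destination size before copying. Frame layout and CRC follow IEEE C37.118; the 64-byte receive buffer, the sample frame contents and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* IEEE C37.118 frame layout (all fields big-endian):
 *   0      SYNC      0xAA
 *   1      SYNC      frame type and version (0x01 = data frame, version 1)
 *   2-3    FRAMESIZE total frame length in bytes, CRC included
 *   4-5    IDCODE    PMU/PDC identifier
 *   6-9    SOC       seconds since epoch
 *   10-13  FRACSEC   time quality and fraction of second
 *   14..   payload   STAT, PHASORS, FREQ, DFREQ, ANALOG, DIGITAL
 *   last 2 CHK       CRC-CCITT over everything before it
 */
#define C37_HDR_LEN   14u
#define C37_CRC_LEN   2u
#define C37_MIN_FRAME (C37_HDR_LEN + C37_CRC_LEN)
#define MAX_PAYLOAD   64u  /* assumed fixed receive buffer inside the interface (hypothetical) */

enum c37_status { C37_OK = 0, C37_SHORT, C37_BAD_SYNC, C37_BAD_SIZE,
                  C37_TRUNCATED, C37_BAD_CRC, C37_TOO_LARGE };

/* CRC-CCITT as used by C37.118 (Annex B): polynomial 0x1021, initial value
 * 0xFFFF, no bit reflection, no final XOR. */
uint16_t c37_crc(const uint8_t *buf, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(buf[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* CWE-119 pattern: the byte count a naive receiver would memcpy into its fixed
 * buffer comes straight from the attacker-controlled FRAMESIZE field. A value
 * above MAX_PAYLOAD + 16 overruns the buffer; a value below 16 wraps the
 * unsigned subtraction to almost 64 KiB. Only the length is computed here so
 * the demonstration never performs the out-of-bounds write. */
uint16_t naive_copy_len(const uint8_t *frame) {
    return (uint16_t)(be16(frame + 2) - C37_MIN_FRAME);
}

/* Hardened receiver: every length used for indexing or copying is checked
 * against what actually arrived and against the destination size, and the
 * CRC is verified before the payload is trusted. */
enum c37_status copy_payload_checked(const uint8_t *frame, size_t received,
                                     uint8_t *out, size_t out_len, size_t *payload_len) {
    if (received < C37_MIN_FRAME)  return C37_SHORT;
    if (frame[0] != 0xAA)          return C37_BAD_SYNC;
    uint16_t framesize = be16(frame + 2);
    if (framesize < C37_MIN_FRAME) return C37_BAD_SIZE;   /* would wrap in the naive code */
    if (framesize > received)      return C37_TRUNCATED;  /* claims more bytes than arrived */
    if (c37_crc(frame, framesize - C37_CRC_LEN) != be16(frame + framesize - C37_CRC_LEN))
        return C37_BAD_CRC;
    size_t plen = framesize - C37_MIN_FRAME;
    if (plen > out_len)            return C37_TOO_LARGE;  /* well-formed, but too big for us */
    memcpy(out, frame + C37_HDR_LEN, plen);
    *payload_len = plen;
    return C37_OK;
}

/* Builds a data frame with a correct CRC (SOC/FRACSEC left zero). Returns the frame length, 0 on error. */
size_t build_frame(uint8_t *buf, size_t cap, uint16_t idcode, const uint8_t *payload, size_t plen) {
    size_t framesize = C37_MIN_FRAME + plen;
    if (framesize > cap || framesize > 0xFFFF) return 0;
    memset(buf, 0, framesize);
    buf[0] = 0xAA; buf[1] = 0x01;
    buf[2] = (uint8_t)(framesize >> 8); buf[3] = (uint8_t)framesize;
    buf[4] = (uint8_t)(idcode >> 8);    buf[5] = (uint8_t)idcode;
    memcpy(buf + C37_HDR_LEN, payload, plen);
    uint16_t crc = c37_crc(buf, framesize - C37_CRC_LEN);
    buf[framesize - 2] = (uint8_t)(crc >> 8); buf[framesize - 1] = (uint8_t)crc;
    return framesize;
}

/* Constructed sample frame: STAT word plus one rectangular phasor, 8 payload bytes. */
static size_t sample_frame(uint8_t *frame, size_t cap) {
    static const uint8_t payload[8] = { 0x00, 0x00, 0x12, 0x34, 0xFF, 0x9C, 0x00, 0x00 };
    return build_frame(frame, cap, 7, payload, sizeof payload);
}

/* Runs the hardened receiver on the sample frame after optional tampering:
 * forged_framesize != 0 overwrites FRAMESIZE, flip_payload_byte corrupts the payload. */
enum c37_status demo_checked(uint16_t forged_framesize, int flip_payload_byte) {
    uint8_t frame[64], out[MAX_PAYLOAD]; size_t got = 0;
    size_t n = sample_frame(frame, sizeof frame);
    if (forged_framesize) { frame[2] = (uint8_t)(forged_framesize >> 8); frame[3] = (uint8_t)forged_framesize; }
    if (flip_payload_byte) frame[C37_HDR_LEN] ^= 0xFF;
    return copy_payload_checked(frame, n, out, sizeof out, &got);
}

/* A CRC-valid frame whose payload exceeds the receive buffer: the naive
 * receiver would overflow, the hardened one refuses it. */
enum c37_status demo_oversized_valid(void) {
    uint8_t payload[100] = {0}, frame[160], out[MAX_PAYLOAD]; size_t got = 0;
    size_t n = build_frame(frame, sizeof frame, 7, payload, sizeof payload);
    return copy_payload_checked(frame, n, out, sizeof out, &got);
}

/* The byte count the naive receiver would hand to memcpy for a forged FRAMESIZE. */
uint16_t demo_naive_len(uint16_t forged_framesize) {
    uint8_t frame[64];
    sample_frame(frame, sizeof frame);
    frame[2] = (uint8_t)(forged_framesize >> 8); frame[3] = (uint8_t)forged_framesize;
    return naive_copy_len(frame);
}

int main(void) {
    printf("intact frame:           %d\n", demo_checked(0, 0));      /* 0 = C37_OK */
    printf("FRAMESIZE=1024:         %d\n", demo_checked(1024, 0));   /* 4 = C37_TRUNCATED */
    printf("FRAMESIZE=10:           %d\n", demo_checked(10, 0));     /* 3 = C37_BAD_SIZE */
    printf("payload byte flipped:   %d\n", demo_checked(0, 1));      /* 5 = C37_BAD_CRC */
    printf("valid 100-byte payload: %d\n", demo_oversized_valid());  /* 6 = C37_TOO_LARGE */
    printf("naive memcpy length: FRAMESIZE=1024 -> %u, FRAMESIZE=10 -> %u\n",
           demo_naive_len(1024), demo_naive_len(10));                /* 1008, 65530 */
    return 0;
}
```

The two naive lengths are the point: a forged FRAMESIZE of 1024 on a 24-byte datagram makes the naive receiver copy 1008 bytes into a 64-byte buffer, and a FRAMESIZE of 10 wraps to 65530 bytes, so both the "too large" and "too small" directions must be rejected before any length derived from the frame is used. Note that the last case (a CRC-valid frame that is simply bigger than the buffer) passes every protocol check, which is why the destination size must be checked independently of frame validity.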
Tags: remotely exploitable, buffer overflow vulnerability, no patch available, affects critical infrastructure monitoring, no authentication required for protocol messages
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product: PI Interface for IEEE C37.118
Affected versions: < 1.0.6.158
Fix status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the PI Interface for IEEE C37.118 using firewall rules. Only allow the synchrophasor data sources and monitoring systems that need to communicate with the interface to reach it on the configured port.
WORKAROUND: Monitor the PI Interface for crashes, errors, or unexpected restarts that may indicate exploitation attempts.
Mitigations - no patch available
PI Interface for IEEE C37.118 (versions < 1.0.6.158) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the network so that the PI Interface is isolated from untrusted networks and only receives input from known, trusted phasor measurement unit (PMU) sources.
HARDENING: Review OSIsoft PI System security advisories and maintain awareness of any future patches or workarounds for this product line.
CVEs (2)