OSIsoft PI Server 2017
Plan Patch | 8.9 | ICS-CERT ICSA-17-164-02 | Jun 13, 2017
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
OSIsoft PI Data Archive versions prior to 2017 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to access and modify the historian database. The vulnerability is remotely exploitable with no user interaction required.
What this means
What could happen
An attacker with network access could bypass authentication on the PI Data Archive, reading sensitive process data or modifying historical records and setpoints that operators rely on for plant diagnostics.
Who's at risk
Water authorities and electric utilities that use OSIsoft PI Data Archive as their process historian should be concerned. This affects operators and engineers who depend on accurate historical process data for diagnostics, regulatory reporting, and alarm analysis.
How it could be exploited
An attacker reaches the PI Data Archive over the network and sends a crafted request that bypasses the authentication mechanism. This allows them to directly query or modify the historian database without valid credentials.
Prerequisites
- Network access to the PI Data Archive server (typically port 5450)
- No credentials required due to authentication bypass
Tags: remotely exploitable | no authentication required | affects historian data—data integrity risk | low patch availability (older versions)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: PI Data Archive
Affected Versions: < 2017
Fix Status: 2017
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to PI Data Archive by deploying firewall rules to limit connections to trusted engineering and SCADA networks only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade PI Data Archive to version 2017 or later
Long-term hardening
- HARDENING: Segment PI Data Archive onto a secured internal control network separate from corporate IT and untrusted networks
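One way to verify the firewall workaround above is to audit connection logs for traffic to port 5450 from outside the trusted networks. This is an added example, not part of the advisory or any OSIsoft tooling; the log format, the trusted CIDR ranges, and all sample lines are constructed assumptions.

```python
import ipaddress

# Assumed trusted engineering and SCADA ranges (placeholders; use site values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.30.5.0/24")]
PI_PORT = 5450  # PI Data Archive port named in the advisory

# Constructed sample lines in a hypothetical format: timestamp src dst dport action
SAMPLE_LOG = """\
2017-06-14T08:01:12Z 10.20.0.15 10.20.0.50 5450 ALLOW
2017-06-14T08:03:40Z 192.168.44.7 10.20.0.50 5450 ALLOW
2017-06-14T08:05:02Z 10.30.5.9 10.20.0.50 5450 ALLOW
2017-06-14T08:07:55Z 192.168.44.7 10.20.0.50 443 ALLOW
2017-06-14T08:09:31Z 172.16.9.3 10.20.0.50 5450 DENY
truncated line without enough fields
"""

def parse_line(line):
    """Return a record dict, or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, _dst, dport, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dport": int(dport), "action": action.upper()}
    except ValueError:
        return None

def audit(log_text, trusted=TRUSTED_NETS, port=PI_PORT):
    """List (timestamp, source, status) for historian traffic from untrusted sources.

    status is "exposed" when the firewall allowed the connection (rule gap)
    and "blocked" when it was denied (rule working, source worth reviewing).
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != port:
            continue
        if any(rec["src"] in net for net in trusted):
            continue
        status = "exposed" if rec["action"] == "ALLOW" else "blocked"
        findings.append((rec["ts"], str(rec["src"]), status))
    return findings

if __name__ == "__main__":
    for ts, src, status in audit(SAMPLE_LOG):
        print(f"{ts} {src} -> tcp/{PI_PORT}: {status}")
```

Any "exposed" finding means an untrusted source reached the historian port and the rule set needs tightening before the upgrade window.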
CVEs (2)