OSIsoft created a new version to mitigate a cross-site request forgery in its PI Coresight product, according to a report with ICS-CERT.
PI Coresight 2016 R2 and earlier versions suffer from the remotely exploitable vulnerability, which the OSIsoft self reported.
Successful exploitation of this vulnerability may allow access to the PI System resulting in unauthorized viewing or alteration of PI System data.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
This product contains a cross-site request forgery vulnerability that may allow access to the PI system.
CVE-2017-9641 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.
The product sees action in multiple sectors and across the globe.
OSIsoft recommends users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
For more information about this vulnerability, how to obtain the new version, or how to install the new version, click on OSIsoft’s alert, AL00320.