OTORIO Incident Response Team Detects OSIsoft Vulnerability

18 Jun 2020

Company’s incident response team identifies and reports a vulnerability that enables attackers to run malicious code on user browsers

TEL AVIV, June 17, 2020 - OTORIO, the leading provider of next-generation OT digital and cybersecurity risk management solutions, announced today that its Incident Response (IR) team identified a high-score vulnerability in OSIsoft’s popular PI System. OTORIO immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01).

OSIsoft recommends that affected users upgrade to PI Web API 2019 SP1. Installed in some of the world’s largest critical infrastructure facilities, OSIsoft Software’s PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves. The platform collects, stores, and organizes data from all plant data sources, and is accessed by company operators, engineers, managers, and other plant personnel, who retrieve data from it through various HMIs and client-side applications, some of them using the PI Web API.

OTORIO’s researchers discovered a vulnerability that, if exploited, could enable attackers to run client-side code on client browsers and trick users into providing their credentials to threat actors. The exploit runs when a victim passes the cursor over an infected field in the PI System. This triggers a fake login form that prompts the victim to re-enter his or her user name and password. OTORIO created a short video illustrating the exploit, available here.

“Our industrial cybersecurity experts are trained to identify hard-to-find vulnerabilities just like this one – those which can seriously endanger on-site OT network assets,” said Dor Yardeni, Incident Response Team Leader at OTORIO. “Working with OSIsoft, we were able to quickly isolate and remediate the vulnerability, allowing them to continue to provide their customers with smart, and safe, digital production solutions,” he continued. 

About the Vulnerability

The vulnerability (ICSA-20-163-01) affects the PI System’s PI Web API 2019 and all previous versions. A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user's browser. The update and additional details are available to OSIsoft customers at: https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=0000

OTORIO is an advanced managed security service provider for operational technology and industrial control systems (OT/ICS). The company is led by former IDF cybersecurity experts with decades of experience defending mission-critical infrastructures. OTORIO’s strategic partner, Andritz, is one of the world’s leading providers of industrial automation systems and solutions. The company is known for developing RAM², the industry’s first centralized, simplified, and automated industrial cyber risk management platform. For more information, please visit www.otorio.com.