Vulnerable platform used in power plants enables attackers to run malicious code on user browsers

Otorio’s incident response team identified a high-score vulnerability in OSIsoft’s PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01).


PI System Architecture implementation

About OSIsoft Software’s PI System

Installed in some of the world’s largest critical infrastructure facilities, OSIsoft Software’s PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.

The platform collects, stores, and organizes data from all plant data sources, and is accessed by company operators, engineers, managers, and other plant personnel, who retrieve data from it through various HMIs and client-side applications, some of them using the PI Web API.

PI System vulnerability (ICSA-20-163-01)

Otorio’s researchers discovered a vulnerability that, if exploited, could enable attackers to run client-side code on client browsers and trick users into providing their credentials to threat actors.

The exploit runs when a victim passes the cursor over an infected field in the PI System. This triggers a fake login form that prompts the victim to re-enter his or her user name and password. Researchers created a short video illustrating the exploit.

“Our industrial cybersecurity experts are trained to identify hard-to-find vulnerabilities just like this one – those which can seriously endanger on-site OT network assets,” said Dor Yardeni, Incident Response Team Leader at Otorio. “Working with OSIsoft, we were able to quickly isolate and remediate the vulnerability, allowing them to continue to provide their customers with smart, and safe, digital production solutions,” he concluded.

OSIsoft recommends affected users upgrade to PI Web API 2019 SP1.
