Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Flaw found in OSIsoft product deployed in critical infrastructure sectors

Flaw found in OSIsoft product deployed in critical infrastructure sectors

2015/05/13

Securityweek - (International) OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage "Trusted Users" group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions.

Source: http://www.securityweek.com/flaw-found-osisoft-product-deployed-critical-infrastructure-sectors

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:17