Vulnerable platform used in power plants enables attackers to run malicious code on user browsers
Otorio's incident response team identified a high-score vulnerability in OSIsoft's PI System.
Installed in some of the world's largest critical infrastructure facilities, OSIsoft Software's PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.
The platform collects, stores, and organizes data from all plant data sources, and is accessed by company operators, engineers, managers, and other plant personnel, who retrieve data from it through various HMIs and client-side applications, some of them using the PI Web API.
Otorio's researchers discovered a vulnerability that, if exploited, could enable attackers to run client-side code on client browsers and trick users into providing their credentials to threat actors.
"Working with OSIsoft, we were able to quickly isolate and remediate the vulnerability, allowing them to continue to provide their customers with smart, and safe, digital production solutions," he concluded.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/7Vhq9La4Ymo/