Severity
Medium
Analysis Summary
CVE-2020-25163
A remote attacker with write access to PI ProcessBook files could inject code that is imported into PI Vision. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display.
CVE-2020-25167
PI Vision could disclose information to a user with insufficient privileges for an AF attribute.
Impact
- Cross-site Scripting
- Incorrect Authorization
Affected Vendors
OSIsoft
Affected Products
All versions prior to PI Vision 2020 are affected
Remediation
OSIsoft released PI Vision 2020 Version 3.5.0 to address these vulnerabilities.