AVEVA PI Integrator for Business Analytics Sensitive Data Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive data exposure has been identified in AVEVA PI Integrator for Business Analytics, specifically in versions through 2020 R2 SP1. This vulnerability could enable an authenticated user with access to publication targets to retrieve sensitive information, which could then be used to gain additional access to downstream resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, potentially allowing further access to downstream resources.

Remediation

Users are advised to upgrade to PI Integrator for Business Analytics version 2020 R2 SP2 or higher. This update is available through the OSIsoft Customer Portal. Additionally, organizations should audit permissions to ensure only trusted users have access to publication targets. Publication targets of type Text File or HDFS should be configured to limit allowed output file extensions and to isolate output folders from critical system components or executable paths.

Added: Aug 21, 2025, 8:29 PM
Updated: Aug 21, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.