CVE-2021-43549 : Exploit Details and Defense Strategies
Learn about CVE-2021-43549 impacting OSIsoft PI Web API. Discover the vulnerability's impact, affected systems, mitigation steps, and prevention measures to secure your environment.
CVE-2021-43549, impacting OSIsoft PI Web API, involves a remote attacker tricking users into interacting with a PI Web API endpoint, leading to potential disclosure of sensitive information or provision of false data.
Understanding CVE-2021-43549
What is CVE-2021-43549?
The vulnerability allows a remote authenticated attacker with write access to a PI Server to redirect users to a malicious website through PI Web API, potentially compromising data confidentiality.
The Impact of CVE-2021-43549
- Confidentiality Impact: High
- Integrity Impact: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- CVSS Base Score: 6.9 (Medium)
Technical Details of CVE-2021-43549
Vulnerability Description
The vulnerability facilitates a social engineering attack by redirecting users to a malicious site through the PI Web API.
Affected Systems and Versions
- Product: PI Web API
- Vendor: OSIsoft
- Versions Affected: All versions <= 2019 SPI (custom)
Exploitation Mechanism
An authenticated attacker entices a user to access a specific API endpoint, leading to potential data exposure or misinformation.
Mitigation and Prevention
Immediate Steps to Take
- Upgrade to PI Web API 2021
- Remove OSIsoft.REST.Documentation.dll from the installation directory
- Limit access to built-in documentation
- Avoid adding 'Anonymous' authentication
- Deploy a web application firewall
Long-Term Security Practices
- Regularly audit the AF hierarchy
- Limit access permissions
- Apply Group Policy restrictions for Kerberos authentication
Patching and Updates
Refer to OSIsoft's security bulletin for further guidance on reducing the risk of exploitation.