CVE-2021-43549: OSIsoft PI Web API
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
Frequently Asked Questions
What is the severity of CVE-2021-43549?
CVE-2021-43549 has been classified as a medium severity vulnerability.
How do I fix CVE-2021-43549?
To mitigate CVE-2021-43549, ensure that appropriate access controls are enforced and users are educated to avoid interacting with untrusted links.
Who is affected by CVE-2021-43549?
CVE-2021-43549 affects OSIsoft PI Web API 2019 SP1 and all prior versions.
What types of attacks does CVE-2021-43549 enable?
CVE-2021-43549 allows attackers to use malicious redirects to trick users into revealing sensitive information or to present them with false information.
Is CVE-2021-43549 exploit code readily available?
At this time, there is no public information indicating that exploit code for CVE-2021-43549 is readily available.