The NCCIC has published an advisory on inclusion on sensitive information in log files and protection mechanism failure vulnerabilities in OSIsoft PI Web API. PI Web API 2018 and prior are affected. Successful exploitation of these vulnerabilities may allow direct attacks against the product and disclose sensitive information. OSIsoft recommends users upgrade to PI Web API 2018 SP1 or later to resolve these issues. The NCCIC also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.