For customers who still have PI 7.0x or XI 3.0, please take note of this potential security problem. PI 7.1x systems and above are not affected.
A malicious user can send an XML-based request to perform a denial-of-service attack on an XI 3.0/PI 7.0x system, or to have the system disclose local data in its response to the malicious request.
The problem is caused by a program error in XI 3.0 or PI 7.0x due to the incorrect use of an XML parser. The parser can open external entities referenced in the XML request, which can lead to the malicious content being parsed. The referenced content can point to internal resources, such as files, whose contents are then returned to the requester in the response, or it can be used to perform a denial-of-service attack on the XI 3.0/PI 7.0x system.
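
As an added illustration (not SAP's correction and not code from the affected product), the following Python sketch shows one defensive check for the parser behaviour described above: it rejects any inbound XML request that declares a DOCTYPE, since that is the only place entities, external or internal, can be declared. The function name `inspect_request` and the sample messages are assumptions constructed for this example.

```python
import xml.parsers.expat


class DoctypeRejected(Exception):
    """Raised from the expat callback to abort parsing at the DOCTYPE."""


def inspect_request(xml_bytes):
    """Return (accepted, detail) for an inbound XML request.

    accepted is False if the document declares a DOCTYPE (the only place
    entities can be declared) or is not well-formed; detail is the root
    element name on success, or the rejection reason.
    """
    parser = xml.parsers.expat.ParserCreate()
    root = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Abort here, before any entity declaration is read or resolved.
        raise DoctypeRejected(
            "DOCTYPE %r rejected (system id: %r, internal subset: %s)"
            % (name, system_id, bool(has_internal_subset))
        )

    def on_start(name, attrs):
        if not root:
            root.append(name)  # remember only the outermost element

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(xml_bytes, True)
    except DoctypeRejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, "not well-formed: %s" % exc
    return True, root[0]


# Constructed sample requests (not taken from a real system).
BENIGN = b'<?xml version="1.0"?><Order><Id>42</Id></Order>'
WITH_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE Order [<!ENTITY ref SYSTEM "file:///constructed/placeholder">]>'
    b"<Order><Id>&ref;</Id></Order>"
)

if __name__ == "__main__":
    for sample in (BENIGN, WITH_EXTERNAL_ENTITY, b"<Order>"):
        print(inspect_request(sample))
```

Rejecting the DOCTYPE outright covers both outcomes the advisory names, because neither the file reference nor an entity-based denial of service can be expressed without a declaration inside it.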