
PI Web API

Release notes

  • Last Updated Mar 20, 2025

PI Web API 2023 SP1 Patch 1

1.19.1.28

Overview

The PI Web API is a RESTful service in the Developer Technologies suite, designed to provide cross-platform web and mobile programmatic interfaces to the PI System. The PI Web API presently contains basic functionality needed to retrieve and manipulate time series data from the PI Data Archive, Asset and Event Frame data from the PI Asset Framework, and to index and search on objects within the PI System.

The PI Web API belongs to the AVEVA Developer Technologies family of products, which is designed to support the implementation of custom applications on top of the PI System, as well as the integration of PI System data with other applications and business systems such as Microsoft Office or SQL Server, Enterprise Resource Planning systems (ERPs), reporting and analytics platforms, web portals, geospatial and maintenance systems. The Developer Technologies cover a wide range of use cases in various environments, programming languages, operating systems, and infrastructures.

Fixes and enhancements

Fixes

This section lists items that were resolved in this release of PI Web API.

| Work Items | Description |
|---|---|
| 3076507 | PI Web API becomes unresponsive to a specific user. |
| 3244584 | A 500 level error occurs when Property.Minimum sits outside of acceptable minimum values. |
| 3559998 | Error occurs when processing multiple OMF data messages for an uncached OMF Type. |
| 3593274 | OMF Static instance renaming does not work. |

Enhancements

PI Web API 2023 SP1 Patch 1 includes bug fixes and addresses security vulnerabilities only.

Security Enhancement: PI Web API System Information endpoints now require administrative privileges to access. End-user developed clients which interact with these endpoints need to be updated to present an appropriate identity with administrative privileges.

Known Issues

This section lists problems or enhancements that have been deferred until a future release:

| Work Items | Description |
|---|---|
| 61475 | PI Web API silent installation fails if the InstallationConfig.json path has spaces. |
| 63862 | PI Web API Admin Utility adds CA-signed certificate to local machine Trusted People store. |
| 64081 | The OMF feature will not be available after modifying an installation using the control panel and will return a 404 Not Found error. To work around the issue, run the PI Web API Admin Utility after the installation. |
| 64268 | If a user is removed from the “PI Web API Admins” group and later runs the installer, that user will not be re-added to the group. As a workaround, the user can be manually added to the “PI Web API Admins” group. |
| 130566 | Non-ASCII characters cannot be used in usernames or passwords in Basic Authentication. |
| 192785 | Retrieving Digital State values may fail if the Digital Set has been changed. |
| 258584 | PI Web API incorrectly converts string stream values that are formatted as valid ISO8601 timestamps to DateTime format. |

Security information and guidance

We are committed to releasing secure products. This section is intended to provide relevant security-related information to guide your installation or upgrade decision.

We proactively disclose aggregate information about the number and severity of security vulnerabilities addressed in each release. The tables below provide an overview of security issues addressed and their relative severity based on standard scoring.

Overview of New Vulnerabilities Found or Fixed

We proactively disclose aggregate information about the number and severity of PI Web API security vulnerabilities that are fixed in this release.

Security Vulnerabilities in PI Web API 2023 SP1 Patch 1 1.19.1.28 Release

For this release of PI Web API, three vulnerabilities have been fixed.

| Severity Category | CVSS Base Score Range | Number of Fixed Vulnerabilities |
|---|---|---|
| Critical | 9 - 10 | 0 |
| High | 7.0 - 8.9 | 0 |
| Medium | 4.0 - 6.9 | 1 |
| Low | 0 - 3.9 | 2 |

Security Vulnerabilities in PI AF Client 2024

Related to this release of PI Web API, no vulnerabilities have been fixed in PI AF Client 2024.

| Severity Category | CVSS Base Score Range | Number of Fixed Vulnerabilities |
|---|---|---|
| Critical | 9 - 10 | 0 |
| High | 7.0 - 8.9 | 0 |
| Medium | 4.0 - 6.9 | 0 |
| Low | 0 - 3.9 | 0 |

Vulnerability Mitigations in PI Web API 2023 SP1 Patch 1 v1.19.1.28 Release

The following vulnerabilities were identified in PI Web API v1.19.1.28 Release:

| Component | Version | CVE or Reference | CVSS | Mitigation |
|---|---|---|---|---|
| RazorEngine | 3.10.0 | CVE-2021-46703 (https://nvd.nist.gov/vuln/detail/CVE-2021-46703) | 7.4 | The PI Web API does not use the IsolatedRazorEngineService or allow users to externally control the contents of Razor templates. |
| SQLite | 3.43.0 | CVE-2023-7104 (https://nvd.nist.gov/vuln/detail/CVE-2023-7104) | 7.4 | SQLite is vulnerable to an out-of-bounds memory access issue due to a lack of sufficient input validation in the sessionReadRecord() function. This vulnerability does not apply to PI Web API as the interdependency using SQLite does not utilize the session extension capability. |
| SQLite | 3.43.0 | CVE-2024-0232 (https://nvd.nist.gov/vuln/detail/CVE-2024-0232) | 6.3 | SQLite contains a heap use-after-free vulnerability due to mishandling of certain input. A local attacker could exploit this by convincing a victim into interacting with supplied malicious input, potentially leading to serious impacts to application confidentiality, integrity, and availability due to the corruption of memory. This vulnerability does not apply to PI Web API as the interdependency using SQLite does not have JSON parsing capability. |
| System.Text.Json | 6.0.0 | CVE-2024-43485 (https://nvd.nist.gov/vuln/detail/CVE-2024-43485) | 7.5 | .NET Runtime is vulnerable to denial-of-service (DoS) due to improper management of algorithmically complex deserialization operations in the System.Text.Json module. This vulnerability does not apply to PI Web API as the interdependency using the affected version of System.Text.Json does not utilize the vulnerable functionality. |

Documentation overview

These release notes comprise a part of the following documentation set that supports PI Web API:

  • PI Web API 2023 SP1 Patch 1 Programmer Reference: This reference is included in the product. It is an online API reference meant for developers who wish to program against the services provided in the product. It is accessible as HTML from https://servername/piwebapi/help, where servername is the hostname of the server on which this product has been installed.

  • PI Web API 2023 SP1 Patch 1 User Guide: This user guide provides information relevant to the configuration, settings, and administration of the product, and contains steps and helpful information for resolving problems with the product.

  • PI Square and PI Developers Club: The PI Square Community has free resources to help you with the programming and integration of our products. Additional benefits are available on a paid subscription basis to members of PI Developers Club.

Additional information about the PI Developer Platform, PI Server, PI Asset Framework, and other topics of interest can be found in respective books available on Customer Support.

Distribution Kit Files

The installer is released as a self-extracting distribution kit containing:

  • Installation files for PI AF Client 2024, which includes the AF Client installer, and installers for its prerequisites

    • Microsoft Visual C++ 2022 Redistributable (x86 and x64)

    • PI Network Subsystem 3.5.505.1016

    • PI Buffer Subsystem 4.9.0.37

  • The PI Web API Windows Installer Database (MSI) file signed by AVEVA
