Vulnerabilities > Osisoft

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-04-18 | CVE-2020-25163 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019 | A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. | network | | osisoft | CWE-79 | 4.9 |
| 2022-04-18 | CVE-2020-25167 | Incorrect Authorization vulnerability in Osisoft PI Vision | OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. | network | low complexity | osisoft | CWE-863 | 4.0 |
| 2021-11-18 | CVE-2021-43549 | Cross-site Scripting vulnerability in Osisoft PI web API | A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. | network | | osisoft | CWE-79 | 3.5 |
| 2021-11-17 | CVE-2021-43551 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019 | A remote attacker with write access to PI Vision could inject code into a display. | network | | osisoft | CWE-79 | 3.5 |
| 2021-11-17 | CVE-2021-43553 | Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019 | PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | network | low complexity | osisoft | CWE-863 | 4.0 |
| 2020-07-27 | CVE-2020-10643 | Cross-site Scripting vulnerability in Osisoft PI Vision 2019 | An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. | network | | osisoft | CWE-79 | 3.5 |
| 2020-07-25 | CVE-2020-10614 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019 | In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. | network | | osisoft | CWE-79 | 3.5 |
| 2020-07-25 | CVE-2020-10604 | Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018 | In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. | network | low complexity | osisoft | CWE-755 | 7.5 |
| 2020-07-24 | CVE-2020-10610 | Untrusted Search Path vulnerability in Osisoft products | In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | local | low complexity | osisoft | CWE-426 | 7.2 |
| 2020-07-24 | CVE-2020-10608 | Improper Verification of Cryptographic Signature vulnerability in Osisoft products | In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. | local | low complexity | osisoft | CWE-347 | 4.6 |