Vulnerabilities > Osisoft

DATE CVE VULNERABILITY TITLE RISK
2020-07-27 CVE-2020-10643 Cross-Site Scripting vulnerability in Osisoft PI Vision 2019
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
network
osisoft CWE-79
3.5
2020-07-25 CVE-2020-10614 Cross-Site Scripting vulnerability in Osisoft PI Vision 2017/2019
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display.
network
osisoft CWE-79
3.5
2020-07-25 CVE-2020-10604 Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests.
network
low complexity
osisoft CWE-755
5.0
2020-07-24 CVE-2020-10610 Uncontrolled Search Path Element vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
local
low complexity
osisoft CWE-427
7.2
2020-07-24 CVE-2020-10608 Improper Verification of Cryptographic Signature vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries.
local
low complexity
osisoft CWE-347
4.6
2020-07-24 CVE-2020-10606 Incorrect Default Permissions vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software.
local
low complexity
osisoft CWE-276
4.6
2020-07-24 CVE-2020-10600 Null Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure.
network
osisoft CWE-476
4.9
2020-06-23 CVE-2020-12021 Cross-Site Scripting vulnerability in Osisoft PI web API
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
network
osisoft CWE-79
6.0
2020-01-15 CVE-2019-18275 Unspecified vulnerability in Osisoft PI Vision 2017/2019
OSIsoft PI Vision, All versions of PI Vision prior to 2019.
network
low complexity
osisoft
4.0
2020-01-15 CVE-2019-18273 Cross-Site Scripting vulnerability in Osisoft PI Vision 2017
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1.
network
osisoft CWE-79
3.5