Vulnerabilities > Osisoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-10643 | Cross-Site Scripting vulnerability in Osisoft PI Vision 2019 An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. | 3.5 |
| 2020-07-25 | CVE-2020-10614 | Cross-Site Scripting vulnerability in Osisoft PI Vision 2017/2019 In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. | 3.5 |
| 2020-07-25 | CVE-2020-10604 | Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018 In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. | 5.0 |
| 2020-07-24 | CVE-2020-10610 | Uncontrolled Search Path Element vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | 7.2 |
| 2020-07-24 | CVE-2020-10608 | Improper Verification of Cryptographic Signature vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. | 4.6 |
| 2020-07-24 | CVE-2020-10606 | Incorrect Default Permissions vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. | 4.6 |
| 2020-07-24 | CVE-2020-10600 | Null Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460 An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. | 4.9 |
| 2020-06-23 | CVE-2020-12021 | Cross-Site Scripting vulnerability in Osisoft PI web API In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | 6.0 |
| 2020-01-15 | CVE-2019-18275 | Unspecified vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 4.0 |
| 2020-01-15 | CVE-2019-18273 | Cross-Site Scripting vulnerability in Osisoft PI Vision 2017 OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. | 3.5 |