Vulnerabilities > Osisoft

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2017-9641 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Coresight
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system.
network
low complexity
osisoft CWE-352
8.8
2018-04-03 CVE-2016-8365 Improper Access Control vulnerability in Osisoft products
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service.
local
low complexity
osisoft CWE-284
5.5
2018-03-14 CVE-2018-7533 Incorrect Default Permissions vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
local
low complexity
osisoft CWE-276
7.8
2018-03-14 CVE-2018-7531 Improper Input Validation vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
high complexity
osisoft CWE-20
5.9
2018-03-14 CVE-2018-7529 Deserialization of Untrusted Data vulnerability in Osisoft PI Data Archive 3.4.430.460
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
low complexity
osisoft CWE-502
7.5
2018-03-14 CVE-2018-7508 Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior.
network
low complexity
osisoft CWE-79
6.1
2018-03-14 CVE-2018-7504 Cross-site Scripting vulnerability in Osisoft PI Vision 2017
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
network
low complexity
osisoft CWE-79
6.1
2018-03-14 CVE-2018-7500 Unspecified vulnerability in Osisoft PI Vision and PI web API
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior.
network
low complexity
osisoft
critical
9.8
2018-03-14 CVE-2018-7496 Information Exposure vulnerability in Osisoft PI Vision 2017
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
network
low complexity
osisoft CWE-200
5.3
2017-08-25 CVE-2017-7934 Improper Authentication vulnerability in Osisoft PI Data Archive
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.
network
high complexity
osisoft CWE-287
5.9