Vulnerabilities > Osisoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-25 | CVE-2017-7930 | Improper Authentication vulnerability in Osisoft PI Data Archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 5.8 |
2017-08-25 | CVE-2017-7926 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API 1.8 A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). | 6.8 |
2017-08-14 | CVE-2017-9655 | Cross-site Scripting vulnerability in Osisoft products A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 3.5 |
2017-08-14 | CVE-2017-9653 | Incorrect Authorization vulnerability in Osisoft products An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 7.5 |
2017-02-13 | CVE-2017-5153 | Information Exposure Through Log Files vulnerability in Osisoft PI Coresight and PI web API An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. | 2.1 |
2017-02-13 | CVE-2016-8353 | Permissions, Privileges, and Access Controls vulnerability in Osisoft PI web API 2015 R2 1.5.1 An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). | 5.5 |
2016-06-19 | CVE-2016-4530 | Improper Input Validation vulnerability in Osisoft PI SQL Data Access Server 2016 1.5 OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | 4.0 |
2016-06-19 | CVE-2016-4518 | Improper Input Validation vulnerability in Osisoft PI AF Server 2016 OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | 4.0 |
2015-05-26 | CVE-2015-1013 | SQL Injection vulnerability in Osisoft PI Server and PI SQL FOR AF OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. | 6.5 |
2014-04-12 | CVE-2013-2828 | Improper Input Validation vulnerability in Osisoft PI Interface The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line. | 4.7 |