Vulnerabilities > Osisoft > PI Buffer Subsystem
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-24 | CVE-2020-10610 | Untrusted Search Path vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | 7.2 |
| 2020-07-24 | CVE-2020-10608 | Improper Verification of Cryptographic Signature vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. | 4.6 |
| 2020-07-24 | CVE-2020-10606 | Incorrect Default Permissions vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. | 4.6 |
| 2018-04-03 | CVE-2016-8365 | Improper Access Control vulnerability in Osisoft products OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. | 2.1 |