Vulnerabilities > Osisoft > PI Data Archive

DATE CVE VULNERABILITY TITLE RISK
2020-07-25 CVE-2020-10604 Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests.
network
low complexity
osisoft CWE-755
7.5
2020-07-24 CVE-2020-10610 Untrusted Search Path vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
local
low complexity
osisoft CWE-426
7.8
2020-07-24 CVE-2020-10608 Improper Verification of Cryptographic Signature vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries.
local
low complexity
osisoft CWE-347
7.8
2020-07-24 CVE-2020-10606 Incorrect Default Permissions vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software.
local
low complexity
osisoft CWE-276
7.8
2020-07-24 CVE-2020-10600 NULL Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure.
network
low complexity
osisoft CWE-476
7.1
2018-04-03 CVE-2016-8365 Improper Access Control vulnerability in Osisoft products
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service.
local
low complexity
osisoft CWE-284
5.5
2018-03-14 CVE-2018-7533 Incorrect Default Permissions vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
local
low complexity
osisoft CWE-276
7.8
2018-03-14 CVE-2018-7531 Improper Input Validation vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
high complexity
osisoft CWE-20
5.9
2018-03-14 CVE-2018-7529 Deserialization of Untrusted Data vulnerability in Osisoft PI Data Archive 3.4.430.460
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
low complexity
osisoft CWE-502
7.5
2017-08-25 CVE-2017-7934 Improper Authentication vulnerability in Osisoft PI Data Archive
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.
network
high complexity
osisoft CWE-287
5.9