Vulnerabilities > Osisoft > PI Data Archive > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-03 CVE-2016-8365 Improper Access Control vulnerability in Osisoft products
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service.
local
low complexity
osisoft CWE-284
5.5
2018-03-14 CVE-2018-7531 Improper Input Validation vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
high complexity
osisoft CWE-20
5.9
2017-08-25 CVE-2017-7934 Improper Authentication vulnerability in Osisoft PI Data Archive
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.
network
high complexity
osisoft CWE-287
5.9