Vulnerabilities > Osisoft > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-18 CVE-2020-25163 Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0.
network
low complexity
osisoft CWE-79
7.3
2020-07-25 CVE-2020-10604 Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests.
network
low complexity
osisoft CWE-755
7.5
2020-07-24 CVE-2020-10610 Untrusted Search Path vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
local
low complexity
osisoft CWE-426
7.8
2020-07-24 CVE-2020-10608 Improper Verification of Cryptographic Signature vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries.
local
low complexity
osisoft CWE-347
7.8
2020-07-24 CVE-2020-10606 Incorrect Default Permissions vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software.
local
low complexity
osisoft CWE-276
7.8
2020-07-24 CVE-2020-10600 NULL Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure.
network
low complexity
osisoft CWE-476
7.1
2020-01-15 CVE-2019-18271 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017/2019
OSIsoft PI Vision, All versions of PI Vision prior to 2019.
network
low complexity
osisoft CWE-352
8.8
2019-08-15 CVE-2019-13516 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
network
low complexity
osisoft CWE-352
8.8
2018-05-25 CVE-2017-9641 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Coresight
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system.
network
low complexity
osisoft CWE-352
8.8
2018-03-14 CVE-2018-7533 Incorrect Default Permissions vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
local
low complexity
osisoft CWE-276
7.8