Vulnerabilities > Osisoft > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-25 | CVE-2020-10604 | Improper Handling of Exceptional Conditions vulnerability in Osisoft PI Data Archive 2018 In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. | 7.5 |
2020-07-24 | CVE-2020-10610 | Untrusted Search Path vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | 7.2 |
2019-08-15 | CVE-2019-13516 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | 8.8 |
2018-03-14 | CVE-2018-7533 | Incorrect Default Permissions vulnerability in Osisoft PI Data Archive 2017 An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. | 7.2 |
2018-03-14 | CVE-2018-7531 | Improper Input Validation vulnerability in Osisoft PI Data Archive 2017 An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. | 7.1 |
2018-03-14 | CVE-2018-7529 | Deserialization of Untrusted Data vulnerability in Osisoft PI Data Archive A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. | 7.8 |
2018-03-14 | CVE-2018-7500 | Unspecified vulnerability in Osisoft PI Vision and PI web API A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. | 7.5 |
2017-08-14 | CVE-2017-9653 | Incorrect Authorization vulnerability in Osisoft products An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 7.5 |
2014-04-12 | CVE-2013-2809 | Improper Input Validation vulnerability in Osisoft PI Interface The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. | 7.1 |
2012-07-20 | CVE-2012-3008 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Osisoft PI OPC DA Interface 2.3.16.16/2.3.17.18 Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. | 8.5 |