Vulnerabilities > Osisoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-18 CVE-2020-25163 Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0.
network
osisoft CWE-79
4.9
4.9
2022-04-18 CVE-2020-25167 Incorrect Authorization vulnerability in Osisoft PI Vision
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
network
low complexity
osisoft CWE-863
4.0
4.0
2021-11-17 CVE-2021-43553 Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.
network
low complexity
osisoft CWE-863
4.0
4.0
2020-07-24 CVE-2020-10608 Improper Verification of Cryptographic Signature vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries.
local
low complexity
osisoft CWE-347
4.6
4.6
2020-07-24 CVE-2020-10606 Incorrect Default Permissions vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software.
local
low complexity
osisoft CWE-276
4.6
4.6
2020-07-24 CVE-2020-10600 NULL Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure.
network
osisoft CWE-476
4.9
4.9
2020-06-23 CVE-2020-12021 Cross-site Scripting vulnerability in Osisoft PI web API
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
network
osisoft CWE-79
6.0
6.0
2020-01-15 CVE-2019-18275 Unspecified vulnerability in Osisoft PI Vision 2017/2019
OSIsoft PI Vision, All versions of PI Vision prior to 2019.
network
low complexity
osisoft
4.0
4.0
2020-01-15 CVE-2019-18271 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017
OSIsoft PI Vision, All versions of PI Vision prior to 2019.
network
osisoft CWE-352
6.8
6.8
2019-08-15 CVE-2019-13515 Information Exposure Through Log Files vulnerability in Osisoft PI web API
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
network
low complexity
osisoft CWE-532
4.0
4.0