Vulnerabilities > Osisoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-18 CVE-2020-25167 Incorrect Authorization vulnerability in Osisoft PI Vision
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
network
low complexity
osisoft CWE-863
6.5
2021-11-18 CVE-2021-43549 Cross-site Scripting vulnerability in Osisoft PI web API
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website.
network
low complexity
osisoft CWE-79
4.8
2021-11-17 CVE-2021-43551 Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019/2020
A remote attacker with write access to PI Vision could inject code into a display.
network
low complexity
osisoft CWE-79
5.4
2021-11-17 CVE-2021-43553 Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019/2020
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.
network
low complexity
osisoft CWE-863
4.3
2020-07-27 CVE-2020-10643 Cross-site Scripting vulnerability in Osisoft PI Vision 2019
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
network
low complexity
osisoft CWE-79
5.4
2020-07-25 CVE-2020-10614 Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display.
network
low complexity
osisoft CWE-79
4.8
2020-01-15 CVE-2019-18275 Unspecified vulnerability in Osisoft PI Vision 2017/2019
OSIsoft PI Vision, All versions of PI Vision prior to 2019.
network
low complexity
osisoft
6.5
2020-01-15 CVE-2019-18273 Cross-site Scripting vulnerability in Osisoft PI Vision 2017
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1.
network
low complexity
osisoft CWE-79
4.8
2020-01-15 CVE-2019-18244 Information Exposure Through Log Files vulnerability in Osisoft PI Vision 2017/2019
In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision.
local
high complexity
osisoft CWE-532
4.7
2019-08-15 CVE-2019-13515 Information Exposure Through Log Files vulnerability in Osisoft PI web API
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
network
low complexity
osisoft CWE-532
6.5