Vulnerabilities > Osisoft > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-18 | CVE-2020-25163 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019 A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. | 4.9 |
2022-04-18 | CVE-2020-25167 | Incorrect Authorization vulnerability in Osisoft PI Vision OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. | 4.0 |
2021-11-17 | CVE-2021-43553 | Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019 PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | 4.0 |
2020-07-24 | CVE-2020-10608 | Improper Verification of Cryptographic Signature vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. | 4.6 |
2020-07-24 | CVE-2020-10606 | Incorrect Default Permissions vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. | 4.6 |
2020-07-24 | CVE-2020-10600 | NULL Pointer Dereference vulnerability in Osisoft PI Data Archive 2018/2019/3.4.430.460 An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. | 4.9 |
2020-06-23 | CVE-2020-12021 | Cross-site Scripting vulnerability in Osisoft PI web API In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | 6.0 |
2020-01-15 | CVE-2019-18275 | Unspecified vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 4.0 |
2020-01-15 | CVE-2019-18271 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 6.8 |
2019-08-15 | CVE-2019-13515 | Information Exposure Through Log Files vulnerability in Osisoft PI web API OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | 4.0 |