Vulnerabilities > Osisoft > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-25 | CVE-2017-9641 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Coresight: PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. (network; osisoft CWE-352) | 6.8 |
| 2018-03-14 | CVE-2018-7508 | Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API: A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. (network; osisoft CWE-79) | 4.3 |
| 2018-03-14 | CVE-2018-7504 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017: A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. (network; osisoft CWE-79) | 4.3 |
| 2018-03-14 | CVE-2018-7496 | Information Exposure vulnerability in Osisoft PI Vision 2017: An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. (network; low complexity; osisoft CWE-200) | 5.0 |
| 2017-08-25 | CVE-2017-7934 | Improper Authentication vulnerability in Osisoft PI Data Archive: An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. (network; osisoft CWE-287) | 4.3 |
| 2017-08-25 | CVE-2017-7930 | Improper Authentication vulnerability in Osisoft PI Data Archive: An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. (network; osisoft CWE-287) | 5.8 |
| 2017-08-25 | CVE-2017-7926 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API 1.8: A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). (network; osisoft CWE-352) | 6.8 |
| 2017-02-13 | CVE-2016-8353 | Permissions, Privileges, and Access Controls vulnerability in Osisoft PI web API 2015 R2 1.5.1: An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). (network; low complexity; osisoft CWE-264) | 5.5 |
| 2016-06-19 | CVE-2016-4530 | Improper Input Validation vulnerability in Osisoft PI SQL Data Access Server 2016 1.5: OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. (network; low complexity; osisoft CWE-20) | 4.0 |
| 2016-06-19 | CVE-2016-4518 | Improper Input Validation vulnerability in Osisoft PI AF Server 2016: OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. (network; low complexity; osisoft CWE-20) | 4.0 |