Vulnerabilities > Osisoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-08 CVE-2018-19006 Cross-site Scripting vulnerability in Osisoft PI Vision 2017
OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected.
network
low complexity
osisoft CWE-79
4.8
2018-04-03 CVE-2016-8365 Improper Access Control vulnerability in Osisoft products
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service.
local
low complexity
osisoft CWE-284
5.5
2018-03-14 CVE-2018-7531 Improper Input Validation vulnerability in Osisoft PI Data Archive 2017/3.4.430.460
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior.
network
high complexity
osisoft CWE-20
5.9
2018-03-14 CVE-2018-7508 Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior.
network
low complexity
osisoft CWE-79
6.1
2018-03-14 CVE-2018-7504 Cross-site Scripting vulnerability in Osisoft PI Vision 2017
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
network
low complexity
osisoft CWE-79
6.1
2018-03-14 CVE-2018-7496 Information Exposure vulnerability in Osisoft PI Vision 2017
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
network
low complexity
osisoft CWE-200
5.3
2017-08-25 CVE-2017-7934 Improper Authentication vulnerability in Osisoft PI Data Archive
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.
network
high complexity
osisoft CWE-287
5.9
2017-08-14 CVE-2017-9655 Cross-site Scripting vulnerability in Osisoft products
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017.
network
low complexity
osisoft CWE-79
5.4
2017-02-13 CVE-2016-8353 Permissions, Privileges, and Access Controls vulnerability in Osisoft PI web API 2015 R2 1.5.1
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1).
network
low complexity
osisoft CWE-264
6.4
2016-06-19 CVE-2016-4530 Improper Input Validation vulnerability in Osisoft PI SQL Data Access Server 2016 1.5
OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.
network
low complexity
osisoft CWE-20
6.5