CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12021

In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.3%

CVSS Severity

CVSS v3 Score 9.0

CVSS v2 Score 6.0

References

https://www.us-cert.gov/ics/advisories/icsa-20-163-01
https://www.us-cert.gov/ics/advisories/icsa-20-163-01

Products affected by CVE-2020-12021

Osisoft » Pi Web Api » Version: 2014

cpe:2.3:a:osisoft:pi_web_api:2014
Osisoft » Pi Web Api » Version: 2015

cpe:2.3:a:osisoft:pi_web_api:2015
Osisoft » Pi Web Api » Version: 2016

cpe:2.3:a:osisoft:pi_web_api:2016
Osisoft » Pi Web Api » Version: 2017

cpe:2.3:a:osisoft:pi_web_api:2017
Osisoft » Pi Web Api » Version: 2018

cpe:2.3:a:osisoft:pi_web_api:2018
Osisoft » Pi Web Api » Version: 2019

cpe:2.3:a:osisoft:pi_web_api:2019

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12021

Products

Pricing

Contact Us