Osisoft: Security Vulnerabilities
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-07-24
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-07-24
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
9.0
EPSS Score
0.006
Published
2020-06-23
In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue.
CVSS Score
4.7
EPSS Score
0.001
Published
2020-01-15
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-01-15
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-01-15
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-01-15
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-15
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-15
OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-04-08