Osisoft: >> Pi Web Api >> 2018 Security Vulnerabilities
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
CVSS Score
6.9
EPSS Score
0.001
Published
2021-11-18
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
9.0
EPSS Score
0.006
Published
2020-06-23
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-15
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-15