Lucene search

K

Pi Security Vulnerabilities

cve
cve

CVE-2024-3468

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

7.3AI Score

0.0004EPSS

2024-06-12 09:15 PM
26
cve
cve

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an...

7.3AI Score

0.0004EPSS

2024-06-12 09:15 PM
22
cve
cve

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-04 09:15 AM
13
cve
cve

CVE-2024-28247

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

7.6CVSS

7.1AI Score

0.0004EPSS

2024-03-27 07:15 PM
27
cve
cve

CVE-2023-34348

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service...

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-18 06:15 PM
16
cve
cve

CVE-2023-31274

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service...

5.3CVSS

5.1AI Score

0.001EPSS

2024-01-18 06:15 PM
5
cve
cve

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
18
cve
cve

CVE-2022-4046

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-08-03 01:15 PM
13
cve
cve

CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
15
cve
cve

CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service...

6.5CVSS

6.5AI Score

0.0004EPSS

2023-08-03 12:15 PM
23
cve
cve

CVE-2023-37553

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
11
cve
cve

CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via...

6.5CVSS

6.6AI Score

0.0005EPSS

2023-08-03 12:15 PM
19
cve
cve

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37556

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
12
cve
cve

CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
16
cve
cve

CVE-2023-37554

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
13
cve
cve

CVE-2023-37547

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37546

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 11:15 AM
32
cve
cve

CVE-2023-28991

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-06-26 06:15 AM
10
cve
cve

CVE-2022-47393

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...

6.5CVSS

7.3AI Score

0.001EPSS

2023-05-15 11:15 AM
25
cve
cve

CVE-2022-47392

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...

6.5CVSS

7.2AI Score

0.001EPSS

2023-05-15 11:15 AM
21
cve
cve

CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
15
cve
cve

CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...

7.5CVSS

7.8AI Score

0.002EPSS

2023-05-15 10:15 AM
20
cve
cve

CVE-2022-47389

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
18
cve
cve

CVE-2022-47382

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
21
cve
cve

CVE-2022-47379

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
22
cve
cve

CVE-2022-47380

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
18
cve
cve

CVE-2022-47383

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47381

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-47378

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service...

6.5CVSS

6.9AI Score

0.001EPSS

2023-05-15 10:15 AM
26
cve
cve

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...

4.3CVSS

4.5AI Score

0.001EPSS

2023-05-15 10:15 AM
23
cve
cve

CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47386

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
27
cve
cve

CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the...

8.8CVSS

8.3AI Score

0.002EPSS

2023-03-23 12:15 PM
27
cve
cve

CVE-2018-25048

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the...

8.8CVSS

8.4AI Score

0.001EPSS

2023-03-23 11:15 AM
15
cve
cve

CVE-2021-46795

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of...

4.7CVSS

5.4AI Score

0.0004EPSS

2023-01-11 08:15 AM
29
cve
cve

CVE-2022-45182

Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module...

9.8CVSS

9.4AI Score

0.002EPSS

2022-11-11 08:15 PM
20
13
cve
cve

CVE-2022-27893

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version...

4.2CVSS

4.6AI Score

0.0004EPSS

2022-11-04 04:15 PM
24
5
cve
cve

CVE-2013-2801

The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read...

6.8AI Score

0.002EPSS

2022-10-03 04:15 PM
28
cve
cve

CVE-2013-2800

The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration...

7AI Score

0.002EPSS

2022-10-03 04:15 PM
32
cve
cve

CVE-2022-30791

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not...

7.5CVSS

7.4AI Score

0.001EPSS

2022-07-11 11:15 AM
37
4
cve
cve

CVE-2022-30792

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not...

7.5CVSS

7.4AI Score

0.001EPSS

2022-07-11 11:15 AM
20
2
Total number of security vulnerabilities152