323 matches found
Information disclosure
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized...
Information disclosure
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...
CVE-2020-10600 OSIsoft PI System
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive 2018 SP2 and prior versions...
CVE-2020-10602
CVE-2020-10602 affects OSIsoft PI System components where an authenticated remote attacker can crash the PI Network Manager due to a race condition, potentially blocking connections and queries to the PI Data Archive. Connected sources corroborate a family of related race-condition/crash flaws ac...
CVE-2020-10602
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive...
CVE-2020-10606
CVE-2020-10606 affects OSIsoft PI System (multiple products/versions). The issue is incorrect default permissions that allow a local attacker to access and potentially disclose, delete, or modify data if the machine processes PI System data from multiple users (e.g., shared workstations/terminal ...
CVE-2020-10606
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other...
CVE-2020-10608
CVE-2020-10608 affects the OSIsoft PI System. A local attacker can plant a binary and bypass a code integrity check when loading PI System libraries, allowing privilege escalation and leading to unauthorized disclosure, deletion, or modification of local data. Red Hat and NVD entries corroborate ...
CVE-2020-10608
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized...
CVE-2020-10610
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...
CVE-2020-10610
CVE-2020-10610 affects OSIsoft PI System components. A local attacker can modify the search path and plant a binary to execute on the target, gaining Windows SYSTEM privileges and causing unauthorized disclosure, deletion, or modification of data. The vulnerability is classified as Uncontrolled S...
PT-2020-12233 · Osisoft · Osisoft Pi System
Name of the Vulnerable Software and Affected Versions: OSIsoft PI System affected versions not specified Description: A remote, unauthenticated attacker could crash the PI Network Manager service through specially crafted requests, resulting in blocked connections and queries to the PI Data...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
Cross site scripting
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...
CVE-2020-12021
CVE-2020-12021 affects OSIsoft PI Web API (2019 Patch 1, 1.12.0.6346) and earlier, with a cross-site scripting vulnerability that could enable a remote attacker to execute arbitrary JavaScript in a user’s browser, potentially leading to data view/modification/deletion under the victim’s permissio...
OSIsoft PI Web API 2019
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: OSIsoft Equipment: PI Web API 2019 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a...
OSIsoft PI Data Archive Null Pointer Reference Vulnerability
OSIsoft PI Web API is a product from OSIsoft USA for accessing PI system data. A null pointer reference vulnerability exists in OSIsoft PI Data Archive, which can be exploited by an attacker to crash the PI Archive Subsystem...
Unspecified Vulnerability in OSIsoft PI Data Archive
OSIsoft PI Data Archive is a file archiving and storage component for PI Server from OSIsoft, USA. The component is mainly used for archiving and storing configuration information and time series data. A security vulnerability exists in OSIsoft PI Data Archive version 2018 and 2018 SP2. A remote...