Lucene search
K

323 matches found

ICS
ICS
added 2021/11/09 12:0 a.m.73 views

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OSIsoft Equipment: PI Vision Vulnerabilities: Cross-site Scripting, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to information disclosure,...

6.5CVSS5.4AI score0.0059EPSS
Exploits0References5
ICS
ICS
added 2020/11/10 12:0 a.m.72 views

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Vision 2020 Vulnerabilities: Cross-site Scripting, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow a remote attacker with...

7.7CVSS6.7AI score0.0091EPSS
Exploits0References5
ICS
ICS
added 2020/11/10 12:0 a.m.71 views

ICSA-20-315-01_OSIsoft PI Interface for OPC XML-DA

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Interface Vulnerability: Numeric Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker-controlled OPC XML-DA Server to respond with a...

9.3CVSS9AI score0.28084EPSS
Exploits1References2
CNVD
CNVD
added 2020/07/28 12:0 a.m.3 views

OSIsoft PI Vision Cross-Site Scripting Vulnerability (CNVD-2020-44877)

OSIsoft PI Vision is a suite of visualization tools from OSIsoft, Inc. that supports accessing PI System data from mobile devices. It supports self-configuration of trends, images, data values, and more in order to present data information. A cross-site scripting vulnerability exists in OSIsoft P...

6.5CVSS6.4AI score0.00951EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/27 9:20 p.m.21 views

CVE-2020-10643 OSIsoft PI System

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component...

6.5CVSS6.3AI score0.00951EPSS
Exploits0References1
NVD
NVD
added 2020/07/25 12:15 a.m.23 views

CVE-2020-10614

In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display...

4.8CVSS5.8AI score0.00891EPSS
Exploits0References1
NVD
NVD
added 2020/07/25 12:15 a.m.26 views

CVE-2020-10604

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive...

7.5CVSS7.5AI score0.02147EPSS
Exploits0References1
OSV
OSV
added 2020/07/25 12:15 a.m.3 views

CVE-2020-10614

In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display...

4.8CVSS5.9AI score0.00891EPSS
Exploits0References1
Prion
Prion
added 2020/07/25 12:15 a.m.17 views

Design/Logic Flaw

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive...

5CVSS7.3AI score0.02147EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/25 12:15 a.m.17 views

Information disclosure

In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display...

3.5CVSS5.7AI score0.00891EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/24 11:43 p.m.64 views

CVE-2020-10614

CVE-2020-10614 is a cross-site scripting vulnerability in OSIsoft PI System (PI Vision) where an authenticated remote attacker with write access to PI Vision databases can inject code into a display, enabling unauthorized disclosure, deletion, or modification when a user views the infected displa...

4.8CVSS5.1AI score0.00891EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/24 11:43 p.m.25 views

CVE-2020-10614

In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display...

5.1AI score0.00891EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/24 11:34 p.m.32 views

CVE-2020-10604

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive...

7.5AI score0.02147EPSS
Exploits0References1
CVE
CVE
added 2020/07/24 11:34 p.m.66 views

CVE-2020-10604

CVE-2020-10604 affects OSIsoft PI System: a remote, unauthenticated attacker can crash the PI Network Manager service via specially crafted requests, blocking connections and queries to the PI Data Archive. The impact is described in the Update A 4.2.4 entry (Uncaught Exception) with CVSS v3 base...

7.5CVSS7.4AI score0.02147EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/07/24 11:15 p.m.4 views

CVE-2020-10602

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive...

5.3CVSS6.1AI score0.00881EPSS
Exploits0References1
NVD
NVD
added 2020/07/24 11:15 p.m.18 views

CVE-2020-10606

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other...

7.8CVSS7.2AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2020/07/24 11:15 p.m.29 views

CVE-2020-10608

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized...

7.8CVSS7.5AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2020/07/24 11:15 p.m.3 views

CVE-2020-10606

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other...

7.8CVSS7.2AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2020/07/24 11:15 p.m.24 views

CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...

7.8CVSS7.4AI score0.00378EPSS
Exploits0References1
Prion
Prion
added 2020/07/24 11:15 p.m.13 views

Race condition

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive...

3.5CVSS5.7AI score0.00881EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder