EUVD-2015-1157

Malware in sbrugna...

The vulnerability of the PI Server database management system allows a hacker to circumvent restrictions on executing SQL commands.

The vulnerability of the PI Server database management system is related to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to bypass restrictions on the execution of SQL commands by adding the account to the Trusted Users group and excludin...

Command injection

OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL AF Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements...

OSIsoft PI AF and PI SQL for AF Command Limit Bypass Vulnerability

OSIsoft PI AF Asset Framework is a set of asset frameworks that define a consistent presentation for assets and provide structured information, which supports correlation of asset attributes with relational databases, asset-based data analytics, and application calculations, etc. PI SQL for AF is...