Lucene search
+L
OsisoftPi Data Archive

11 matches found

CVE
CVE
added 2020/07/24 10:42 p.m.82 views

CVE-2020-10610

CVE-2020-10610 affects OSIsoft PI System components. A local attacker can modify the search path and plant a binary to execute on the target, gaining Windows SYSTEM privileges and causing unauthorized disclosure, deletion, or modification of data. The vulnerability is classified as Uncontrolled S...

7.8CVSS7.3AI score0.00378EPSS
CVE
CVE
added 2020/07/24 10:55 p.m.72 views

CVE-2020-10606

CVE-2020-10606 affects OSIsoft PI System (multiple products/versions). The issue is incorrect default permissions that allow a local attacker to access and potentially disclose, delete, or modify data if the machine processes PI System data from multiple users (e.g., shared workstations/terminal ...

7.8CVSS7.1AI score0.0027EPSS
CVE
CVE
added 2020/07/24 10:46 p.m.67 views

CVE-2020-10608

CVE-2020-10608 affects the OSIsoft PI System. A local attacker can plant a binary and bypass a code integrity check when loading PI System libraries, allowing privilege escalation and leading to unauthorized disclosure, deletion, or modification of local data. Red Hat and NVD entries corroborate ...

7.8CVSS7.4AI score0.00223EPSS
CVE
CVE
added 2020/07/24 11:34 p.m.66 views

CVE-2020-10604

CVE-2020-10604 affects OSIsoft PI System: a remote, unauthenticated attacker can crash the PI Network Manager service via specially crafted requests, blocking connections and queries to the PI Data Archive. The impact is described in the Update A 4.2.4 entry (Uncaught Exception) with CVSS v3 base...

7.5CVSS7.4AI score0.02147EPSS
CVE
CVE
added 2020/07/24 11:1 p.m.62 views

CVE-2020-10600

CVE-2020-10600 affects OSIsoft PI System: a NULL pointer dereference vulnerability in the PI Archive Subsystem can be triggered by an authenticated remote attacker under memory pressure, potentially blocking queries to the PI Data Archive (2018 SP2 and earlier). The vulnerability is documented wi...

7.1CVSS6.2AI score0.00842EPSS
CVE
CVE
added 2018/04/03 2:0 p.m.56 views

CVE-2016-8365

CVE-2016-8365 describes an incomplete model of endpoint features in OSIsoft PI System. Affected products are PI AF Client (≤ 2.8.0), PI SDK (≤ 1.4.6), PI Buffer Subsystem (≤ 4.4), and PI Data Archive (≤ 3.4.395.64). The vulnerability could cause a denial of service when actions are taken based on...

5.5CVSS5.4AI score0.00359EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.51 views

CVE-2018-7529

Summary : CVE-2018-7529 is associated with OSIsoft PI Data Archive versions 2017 and prior. Vulnerability type : Deserialization of Untrusted Data (CWE-502). Root cause / impact : Unauthenticated users may modify deserialized data to issue custom requests that crash the PI Data Archive server (av...

7.8CVSS7.4AI score0.0213EPSS
CVE
CVE
added 2017/08/25 7:0 p.m.50 views

CVE-2017-7930

CVE-2017-7930 affects the OSIsoft PI Server 2017 family, specifically the PI Data Archive prior to 2017. The issue is an Improper Authentication vulnerability in the protocol that can expose change records in the clear and allow a malicious party to spoof a server within a PI Network. The connect...

7.4CVSS7.3AI score0.02012EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.49 views

CVE-2018-7533

CVE-2018-7533 affects OSIsoft PI Data Archive versions 2017 and prior, describing an Incorrect Default Permissions flaw (CWE-276) that may allow privilege escalation to full control of the system due to insecure default configuration. The vulnerability is characterized by a local attack context w...

7.8CVSS7.7AI score0.00348EPSS
CVE
CVE
added 2017/08/25 7:0 p.m.46 views

CVE-2017-7934

CVE-2017-7934 concerns OSIsoft PI Server 2017 PI Data Archive prior to 2017, where PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and cause the PI Network Manager to behave in an undefined manner. The vulnerability ...

5.9CVSS5.6AI score0.02147EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.46 views

CVE-2018-7531

CVE-2018-7531 affects the OSIsoft PI Data Archive (versions 2017 and earlier). The issue is an improper input validation allowing unauthenticated attackers to send unvalidated custom requests that crash the PI Data Archive server, impacting availability (CWE-20). The NVD entry provides a CVSS v3 ...

7.1CVSS5.6AI score0.01429EPSS