11 matches found
CVE-2020-10610
CVE-2020-10610 affects OSIsoft PI System components. A local attacker can modify the search path and plant a binary to execute on the target, gaining Windows SYSTEM privileges and causing unauthorized disclosure, deletion, or modification of data. The vulnerability is classified as Uncontrolled S...
CVE-2020-10606
CVE-2020-10606 affects OSIsoft PI System (multiple products/versions). The issue is incorrect default permissions that allow a local attacker to access and potentially disclose, delete, or modify data if the machine processes PI System data from multiple users (e.g., shared workstations/terminal ...
CVE-2020-10608
CVE-2020-10608 affects the OSIsoft PI System. A local attacker can plant a binary and bypass a code integrity check when loading PI System libraries, allowing privilege escalation and leading to unauthorized disclosure, deletion, or modification of local data. Red Hat and NVD entries corroborate ...
CVE-2020-10604
CVE-2020-10604 affects OSIsoft PI System: a remote, unauthenticated attacker can crash the PI Network Manager service via specially crafted requests, blocking connections and queries to the PI Data Archive. The impact is described in the Update A 4.2.4 entry (Uncaught Exception) with CVSS v3 base...
CVE-2020-10600
CVE-2020-10600 affects OSIsoft PI System: a NULL pointer dereference vulnerability in the PI Archive Subsystem can be triggered by an authenticated remote attacker under memory pressure, potentially blocking queries to the PI Data Archive (2018 SP2 and earlier). The vulnerability is documented wi...
CVE-2016-8365
CVE-2016-8365 describes an incomplete model of endpoint features in OSIsoft PI System. Affected products are PI AF Client (≤ 2.8.0), PI SDK (≤ 1.4.6), PI Buffer Subsystem (≤ 4.4), and PI Data Archive (≤ 3.4.395.64). The vulnerability could cause a denial of service when actions are taken based on...
CVE-2018-7529
Summary : CVE-2018-7529 is associated with OSIsoft PI Data Archive versions 2017 and prior. Vulnerability type : Deserialization of Untrusted Data (CWE-502). Root cause / impact : Unauthenticated users may modify deserialized data to issue custom requests that crash the PI Data Archive server (av...
CVE-2017-7930
CVE-2017-7930 affects the OSIsoft PI Server 2017 family, specifically the PI Data Archive prior to 2017. The issue is an Improper Authentication vulnerability in the protocol that can expose change records in the clear and allow a malicious party to spoof a server within a PI Network. The connect...
CVE-2018-7533
CVE-2018-7533 affects OSIsoft PI Data Archive versions 2017 and prior, describing an Incorrect Default Permissions flaw (CWE-276) that may allow privilege escalation to full control of the system due to insecure default configuration. The vulnerability is characterized by a local attack context w...
CVE-2017-7934
CVE-2017-7934 concerns OSIsoft PI Server 2017 PI Data Archive prior to 2017, where PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and cause the PI Network Manager to behave in an undefined manner. The vulnerability ...
CVE-2018-7531
CVE-2018-7531 affects the OSIsoft PI Data Archive (versions 2017 and earlier). The issue is an improper input validation allowing unauthenticated attackers to send unvalidated custom requests that crash the PI Data Archive server, impacting availability (CWE-20). The NVD entry provides a CVSS v3 ...