Lucene search
+L
OsisoftPi Vision

15 matches found

CVE
CVE
added 2022/04/18 4:20 p.m.76 views

CVE-2020-25163

CVE-2020-25163 affects OSIsoft PI Vision (PI Vision 2020) prior to version 3.5.0. A remote attacker with write access to PI ProcessBook files can inject code that gets imported into PI Vision, enabling cross-site scripting and potentially unauthorized disclosure, modification, or deletion of PI S...

7.7CVSS7.2AI score0.0091EPSS
CVE
CVE
added 2020/07/27 9:20 p.m.73 views

CVE-2020-10643

CVE-2020-10643 affects OSIsoft PI Vision (PI System) with a cross-site scripting vulnerability in the PI Vision web application caused by improper input validation in a third-party component. An authenticated remote attacker can use specially crafted URLs to direct a victim using PI Vision 2019 m...

6.5CVSS5.8AI score0.00951EPSS
CVE
CVE
added 2020/01/15 6:44 p.m.71 views

CVE-2019-18273

CVE-2019-18273 affects OSIsoft PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The root cause is Cross-Site Scripting (CWE-79) due to improper handling of input during web page generation. Impact per documents: potential to introduce invalid input via the affected web interface, with the CVSSv3 base...

4.8CVSS5AI score0.00693EPSS
CVE
CVE
added 2020/01/15 6:36 p.m.69 views

CVE-2019-18275

OSIsoft PI Vision (all PI Vision versions prior to 2019) is affected by CVE-2019-18275 due to improper access control that may return unauthorized tag data when viewing analysis data reference attributes. The Red Hat entry confirms the specific vulnerability class and impact, and the CISA advisor...

6.5CVSS6.4AI score0.01096EPSS
CVE
CVE
added 2020/01/15 6:50 p.m.66 views

CVE-2019-18244

CVE-2019-18244 affects OSIsoft PI Vision (and PI System components) and is an information-disclosure issue where a local attacker could view sensitive data by accessing installation logs that contain domain service account credentials when non-default accounts are used. The Red Hat/ICS and CISA a...

4.7CVSS4.6AI score0.00254EPSS
CVE
CVE
added 2019/04/08 2:30 p.m.64 views

CVE-2018-19006

CVE-2018-19006 relates to OSIsoft PI Vision 2017 and PI Vision 2017 R2. The vulnerability is a cross-site scripting (XSS) flaw in displays that reference AF elements/attributes containing JavaScript, which can be triggered when an authorized AF user stores JavaScript in AF elements/attributes. Th...

4.8CVSS4.8AI score0.00699EPSS
CVE
CVE
added 2020/07/24 11:43 p.m.64 views

CVE-2020-10614

CVE-2020-10614 is a cross-site scripting vulnerability in OSIsoft PI System (PI Vision) where an authenticated remote attacker with write access to PI Vision databases can inject code into a display, enabling unauthorized disclosure, deletion, or modification when a user views the infected displa...

4.8CVSS5.1AI score0.00891EPSS
CVE
CVE
added 2020/01/15 6:40 p.m.61 views

CVE-2019-18271

CVE-2019-18271 affects OSIsoft PI Vision (all PI Vision versions prior to 2019) and describes a Cross-Site Request Forgery (CSRF) vulnerability introduced on the PI Vision administration site. The issue is classified under CSRF (CWE-352) with a CVSSv3 base score around 7.1 (vector: AV:N/AC:L/PR:N...

8.8CVSS8.5AI score0.00637EPSS
CVE
CVE
added 2022/04/18 4:20 p.m.57 views

CVE-2020-25167

CVE-2020-25167: OSIsoft PI Vision 2020 versions prior to 3.5.0 are affected by an Incorrect Authorization flaw that could disclose information to a user with insufficient privileges for an AF attribute. The issue arises from improper access controls. Mitigation is to update to PI Vision 2020 v3.5...

6.5CVSS5.7AI score0.00719EPSS
CVE
CVE
added 2021/11/17 6:19 p.m.54 views

CVE-2021-43551

CVE-2021-43551 affects OSIsoft PI Vision. A remote attacker with write access can inject code into a display (cross‑site scripting), potentially causing information disclosure, modification, or deletion when a victim loads/interacts with the infected display in Internet Explorer. PI Vision prior ...

6.5CVSS5.7AI score0.0059EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.53 views

CVE-2018-7500

CVE-2018-7500 affects OSIsoft PI Web API (versions 2017 R2 and prior). The issue is Privileges may be escalated, allowing access to the PI System via the service account. CVSS information in NVD indicates high/critical impact (CS: high for confidentiality, integrity, availability; network vector;...

9.8CVSS9.1AI score0.01909EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.51 views

CVE-2018-7496

CVE-2018-7496 affects OSIsoft PI Vision 2017 and earlier. The vulnerability is a Information Exposure (CWE-200) where server response header and referrer-policy header disclose unintended information. ICSA-18-072-03 notes an affected product: PI Vision versions 2017 and prior, with CVSS v3 base s...

5.3CVSS5AI score0.01273EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.45 views

CVE-2018-7508

The CVE-2018-7508 entry pertains to a Cross-site Scripting vulnerability in OSIsoft PI Web API, affecting versions 2017 R2 and prior. The root cause is improper neutralization of input during web page generation, enabling XSS. The associated ICS/CISA advisory confirms the vulnerability is in PI W...

6.1CVSS5.9AI score0.00852EPSS
CVE
CVE
added 2021/11/17 6:20 p.m.39 views

CVE-2021-43553

Summary: CVE-2021-43553 affects OSIsoft PI Vision via an Incorrect Authorization flaw that could disclose information to a user with insufficient privileges for an AF attribute that is a child of another attribute and configured as a Limits property. Affected product/area (from sources): PI Visio...

4.3CVSS4.4AI score0.00526EPSS
CVE
CVE
added 2018/03/14 6:0 p.m.38 views

CVE-2018-7504

This CVE concerns OSIsoft PI Vision (versions 2017 and prior). Root cause: Protection Mechanism Failure due to the X-XSS-Protection header not being set to block, enabling reflected cross-site scripting. Affected: PI Vision 2017 and earlier. Impact: potential cross-site scripting; possibly inform...

6.1CVSS5.8AI score0.00852EPSS