15 matches found
CVE-2020-25163
CVE-2020-25163 affects OSIsoft PI Vision (PI Vision 2020) prior to version 3.5.0. A remote attacker with write access to PI ProcessBook files can inject code that gets imported into PI Vision, enabling cross-site scripting and potentially unauthorized disclosure, modification, or deletion of PI S...
CVE-2020-10643
CVE-2020-10643 affects OSIsoft PI Vision (PI System) with a cross-site scripting vulnerability in the PI Vision web application caused by improper input validation in a third-party component. An authenticated remote attacker can use specially crafted URLs to direct a victim using PI Vision 2019 m...
CVE-2019-18273
CVE-2019-18273 affects OSIsoft PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The root cause is Cross-Site Scripting (CWE-79) due to improper handling of input during web page generation. Impact per documents: potential to introduce invalid input via the affected web interface, with the CVSSv3 base...
CVE-2019-18275
OSIsoft PI Vision (all PI Vision versions prior to 2019) is affected by CVE-2019-18275 due to improper access control that may return unauthorized tag data when viewing analysis data reference attributes. The Red Hat entry confirms the specific vulnerability class and impact, and the CISA advisor...
CVE-2019-18244
CVE-2019-18244 affects OSIsoft PI Vision (and PI System components) and is an information-disclosure issue where a local attacker could view sensitive data by accessing installation logs that contain domain service account credentials when non-default accounts are used. The Red Hat/ICS and CISA a...
CVE-2018-19006
CVE-2018-19006 relates to OSIsoft PI Vision 2017 and PI Vision 2017 R2. The vulnerability is a cross-site scripting (XSS) flaw in displays that reference AF elements/attributes containing JavaScript, which can be triggered when an authorized AF user stores JavaScript in AF elements/attributes. Th...
CVE-2020-10614
CVE-2020-10614 is a cross-site scripting vulnerability in OSIsoft PI System (PI Vision) where an authenticated remote attacker with write access to PI Vision databases can inject code into a display, enabling unauthorized disclosure, deletion, or modification when a user views the infected displa...
CVE-2019-18271
CVE-2019-18271 affects OSIsoft PI Vision (all PI Vision versions prior to 2019) and describes a Cross-Site Request Forgery (CSRF) vulnerability introduced on the PI Vision administration site. The issue is classified under CSRF (CWE-352) with a CVSSv3 base score around 7.1 (vector: AV:N/AC:L/PR:N...
CVE-2020-25167
CVE-2020-25167: OSIsoft PI Vision 2020 versions prior to 3.5.0 are affected by an Incorrect Authorization flaw that could disclose information to a user with insufficient privileges for an AF attribute. The issue arises from improper access controls. Mitigation is to update to PI Vision 2020 v3.5...
CVE-2021-43551
CVE-2021-43551 affects OSIsoft PI Vision. A remote attacker with write access can inject code into a display (cross‑site scripting), potentially causing information disclosure, modification, or deletion when a victim loads/interacts with the infected display in Internet Explorer. PI Vision prior ...
CVE-2018-7500
CVE-2018-7500 affects OSIsoft PI Web API (versions 2017 R2 and prior). The issue is Privileges may be escalated, allowing access to the PI System via the service account. CVSS information in NVD indicates high/critical impact (CS: high for confidentiality, integrity, availability; network vector;...
CVE-2018-7496
CVE-2018-7496 affects OSIsoft PI Vision 2017 and earlier. The vulnerability is a Information Exposure (CWE-200) where server response header and referrer-policy header disclose unintended information. ICSA-18-072-03 notes an affected product: PI Vision versions 2017 and prior, with CVSS v3 base s...
CVE-2018-7508
The CVE-2018-7508 entry pertains to a Cross-site Scripting vulnerability in OSIsoft PI Web API, affecting versions 2017 R2 and prior. The root cause is improper neutralization of input during web page generation, enabling XSS. The associated ICS/CISA advisory confirms the vulnerability is in PI W...
CVE-2021-43553
Summary: CVE-2021-43553 affects OSIsoft PI Vision via an Incorrect Authorization flaw that could disclose information to a user with insufficient privileges for an AF attribute that is a child of another attribute and configured as a Limits property. Affected product/area (from sources): PI Visio...
CVE-2018-7504
This CVE concerns OSIsoft PI Vision (versions 2017 and prior). Root cause: Protection Mechanism Failure due to the X-XSS-Protection header not being set to block, enabling reflected cross-site scripting. Affected: PI Vision 2017 and earlier. Impact: potential cross-site scripting; possibly inform...