Pi Web Api@* Security Vulnerabilities and Issues — Pi Web Api@* CVE List

Lucene search

OsisoftPi Web Api*

6 matches found

CVE•added 2019/08/15 7:15 p.m.•99 views

CVE-2019-13516

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

8.8CVSS8.5AI score0.00088EPSS

CVE•added 2019/08/15 7:15 p.m.•93 views

CVE-2019-13515

OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.

6.5CVSS6.4AI score0.00234EPSS

CVE•added 2020/06/23 10:15 p.m.•42 views

CVE-2020-12021

In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.

9CVSS8.6AI score0.00592EPSS

CVE•added 2018/03/14 6:29 p.m.•41 views

CVE-2018-7500

A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.

9.8CVSS9.1AI score0.005EPSS

CVE•added 2021/11/18 3:15 p.m.•39 views

CVE-2021-43549

A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.

6.9CVSS5AI score0.00135EPSS

CVE•added 2018/03/14 6:29 p.m.•34 views

CVE-2018-7508

A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.

6.1CVSS5.9AI score0.0018EPSS