Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osisoft vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-9655
A Cross-Site Scripting issue exists in OSIsoft PI Integrator for Business Analytics prior to 2016 R2, PI Integrator for Microsoft Azure prior to 2016 R2 SP1, and PI Integrator for SAP HANA prior to 2017. An attacker may be able to upload a malicious script that attempts to redire...
Osisoft Pi Integrator For Sap Hana
Osisoft Pi Integrator For Microsoft Azure
Osisoft Pi Integrator For Business Analystics
2.1
CVSSv2
CVE-2017-5153
An issue exists in OSIsoft PI Coresight 2016 R2 and previous versions versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow servic...
Osisoft Pi Web Api 2016-r2
Osisoft Pi Coresight
7.2
CVSSv2
CVE-2018-7533
An Incorrect Default Permissions issue exists in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.
Osisoft Pi Data Archive 2017
Osisoft Pi Data Archive
7.1
CVSSv2
CVE-2018-7531
An Improper Input Validation issue exists in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server.
Osisoft Pi Data Archive
Osisoft Pi Data Archive 2017
NA
CVE-2022-27893
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
Osisoft-pi-web-connector Project Osisoft-pi-web-connector
6
CVSSv2
CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an malicious user to remotely execute arbitrary code.
Osisoft Pi Web Api
Osisoft Pi Web Api 2019
6.5
CVSSv2
CVE-2015-1013
OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.
Osisoft Pi Sql For Af 2.1.2.19
Osisoft Pi Server 2.6
7.5
CVSSv2
CVE-2017-9653
An Improper Authorization issue exists in OSIsoft PI Integrator for Business Analytics prior to 2016 R2, PI Integrator for Microsoft Azure prior to 2016 R2 SP1, and PI Integrator for SAP HANA prior to 2017. An attacker is able to gain privileged access to the system while unautho...
Osisoft Pi Integrator For Business Analystics 2016
Osisoft Pi Integrator For Microsoft Azure 2016
Osisoft Pi Integrator For Sap Hana 2016
8.5
CVSSv2
CVE-2012-3008
Stack-based buffer overflow in OSIsoft PI OPC DA Interface prior to 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items.
Osisoft Pi Opc Da Interface
Osisoft Pi Opc Da Interface 2.3.16.16
3.5
CVSSv2
CVE-2021-43551
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System d...
Osisoft Pi Vision
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »