Unrated severityNVD Advisory· Published May 26, 2015· Updated May 6, 2026

CVE-2015-1013

Description

OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.

Affected products

Osisoft/Pi Server
cpe:2.3:a:osisoft:pi_server:2.6:*:*:*:*:*:*:*
Osisoft/Pi SQL For Af
cpe:2.3:a:osisoft:pi_sql_for_af:2.1.2.19:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-15-132-01nvdThird Party AdvisoryUS Government Resource
techsupport.osisoft.com/Troubleshooting/Alerts/AL00280nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000