Vendor
Osisoft
Products
13
CVEs
16
Across products
36
Status
Private
Products
13- 12 CVEs
- 7 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
16| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9653 | Cri | 0.64 | 9.8 | 0.01 | Aug 14, 2017 | An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. | |
| CVE-2017-7926 | Hig | 0.57 | 8.8 | 0.00 | Aug 25, 2017 | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | |
| CVE-2017-5153 | Hig | 0.51 | 7.8 | 0.00 | Feb 13, 2017 | An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. | |
| CVE-2017-7930 | Hig | 0.48 | 7.4 | 0.01 | Aug 25, 2017 | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | |
| CVE-2016-8353 | Med | 0.42 | 6.4 | 0.00 | Feb 13, 2017 | An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |
| CVE-2016-4530 | Med | 0.42 | 6.5 | 0.01 | Jun 19, 2016 | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | |
| CVE-2016-4518 | Med | 0.42 | 6.5 | 0.00 | Jun 19, 2016 | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |
| CVE-2017-7934 | Med | 0.38 | 5.9 | 0.01 | Aug 25, 2017 | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. | |
| CVE-2017-9655 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2017 | A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. | |
| CVE-2012-3008 | 0.01 | — | 0.08 | Jul 20, 2012 | Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. | ||
| CVE-2015-1013 | 0.00 | — | 0.00 | May 26, 2015 | OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. | ||
| CVE-2013-2828 | 0.00 | — | 0.00 | Apr 12, 2014 | The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line. | ||
| CVE-2013-2809 | 0.00 | — | 0.01 | Apr 12, 2014 | The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. | ||
| CVE-2013-2801 | 0.00 | — | 0.00 | Aug 22, 2013 | The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation. | ||
| CVE-2013-2800 | 0.00 | — | 0.00 | Aug 22, 2013 | The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets. | ||
| CVE-2009-0209 | 0.00 | — | 0.00 | Oct 1, 2009 | PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. |