Every CVE whose affected-product data names Osisoft Pi Vision, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2018-7500 — CVSS 9.8 (critical): A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be…
CVE-2019-18271 — CVSS 8.8 (high): OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be…
CVE-2020-25163 — CVSS 7.7 (high): A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior…
CVE-2021-43551 — CVSS 6.5 (medium): A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or…
CVE-2020-10643 — CVSS 6.5 (medium): An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due…
CVE-2019-18275 — CVSS 6.5 (medium): OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may…
CVE-2018-7504 — CVSS 6.1 (medium): A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is…
CVE-2018-7508 — CVSS 6.1 (medium): A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is…
CVE-2018-7496 — CVSS 5.3 (medium): An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy…
CVE-2020-25167 — CVSS 4.9 (medium): OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
CVE-2018-19006 — CVSS 4.8 (medium): OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where…
CVE-2019-18273 — CVSS 4.8 (medium): OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow…
CVE-2020-10614 — CVSS 4.8 (medium): In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject…
CVE-2019-18244 — CVSS 4.7 (medium): In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts…
CVE-2021-43553 — CVSS 3.1 (low): PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and…