Vulnerabilities (CVE)

Filtered by vendor Osisoft Subscribe

Filtered by product Pi Web Api

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-12021	1 Osisoft	1 Pi Web Api	2020-07-02	6.0 MEDIUM	9.0 CRITICAL
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
CVE-2018-7500	1 Osisoft	2 Pi Vision, Pi Web Api	2019-10-09	7.5 HIGH	9.8 CRITICAL
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.