CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43549 – OSIsoft PI Web API
https://notcve.org/view.php?id=CVE-2021-43549
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information. Un atacante remoto autenticado con acceso de escritura a un servidor PI podría engañar a un usuario para que interactuara con un endpoint de la API web de PI y lo redirigiera a un sitio web malicioso. Como resultado, una víctima podría revelar información confidencial al atacante o recibir información falsa. • https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12021
https://notcve.org/view.php?id=CVE-2020-12021
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. En OSIsoft PI Web API 2019 Parche 1 (1.12.0.6346) y todas las versiones anteriores, el producto afectado es vulnerable a un ataque de tipo cross-site scripting, que puede permitir a un atacante ejecutar código arbitrario remotamente • https://www.us-cert.gov/ics/advisories/icsa-20-163-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13516
https://notcve.org/view.php?id=CVE-2019-13516
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. En OSIsoft PI Web API y anteriores, el producto afectado es vulnerable a un ataque directo debido a una configuración de la protección de cross-site request forgery que no ha tenido efecto. • https://www.us-cert.gov/ics/advisories/icsa-19-225-02 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-693: Protection Mechanism Failure •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13515
https://notcve.org/view.php?id=CVE-2019-13515
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. OSIsoft PI Web API versión 2018 y anteriores, puede permitir la divulgación de información confidencial. • https://www.us-cert.gov/ics/advisories/icsa-19-225-02 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7508
https://notcve.org/view.php?id=CVE-2018-7508
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. e ha descubierto un problema de Cross-Site Scripting (XSS) en OSIsoft PI Web API, versiones 2017 R2 y anteriores. Podría darse Cross-Site Scripting (XSS) cuando las entradas se neutralizan de forma incorrecta. • http://www.securityfocus.com/bid/103396 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •