In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HOsisoft Pi Api
APPOsisoft≤ 1.6.8.26≤ 2.0.2.5Osisoft Pi Buffer Subsystem
APPOsisoft≤ 4.8.0.18Osisoft Pi Connector
APPOsisoft≤ 1.0.0.54≤ 1.1.0.10≤ 1.2.0.6≤ 1.2.0.42≤ 1.2.1.71≤ 1.2.2.79≤ 1.3.0.1≤ 1.3.0.130≤ 1.3.1.135≤ 1.4.0.17≤ 1.5.0.88Osisoft Pi Connector Relay
APPOsisoft≤ 2.5.19.0Osisoft Pi Data Archive
APPOsisoft≤ 3.4.430.460Osisoft Pi Data Collection Manager
APPOsisoft≤ 2.5.19.0Osisoft Pi Integrator
APPOsisoft≤ 2.2.0.183Osisoft Pi Interface Configuration Utility
APPOsisoft≤ 1.5.0.7Osisoft Pi To Ocs
APPOsisoft≤ 1.1.36.0
Related vulnerabilities
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network...
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a bin...
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by...
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Inse...
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. U...