← volver
CVE-2020-25163

OSIsoft PI Vision Cross-site Scripting

CVSS 7.7 HIGHEPSS 0.9%CWE-79
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 abr 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Productos afectados
OSIsoft · PI Vision

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02