CVE-2020-25163
Last modified
CVE-2020-25163 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Osisoft | Pi Vision | < 2020 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25163?
How severe is CVE-2020-25163?
How do I fix CVE-2020-25163?
Are you affected by CVE-2020-25163?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST