ID
VAR-202011-1506
CVE
CVE-2020-25163
TITLE
OSIsoft of OSIsoft PI Vision Cross-site scripting vulnerability in
Trust: 0.8
DESCRIPTION
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. OSIsoft of OSIsoft PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | osisoft | model: | pi vision | scope: | lt | version: | 2020 | Trust: 1.0 |
| vendor: | osisoft | model: | pi vision | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | osisoft | model: | pi vision | scope: | - | version: | - | Trust: 0.8 |
| vendor: | osisoft | model: | pi vision | scope: | eq | version: | 2020 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [ others ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
PATCH
| title: | OSIsoft PI Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133829 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-25163 | Trust: 3.3 |
| db: | ICS CERT | id: | ICSA-20-315-02 | Trust: 2.5 |
| db: | JVN | id: | JVNVU97890337 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2020-017700 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2020.4027 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202011-847 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2020-25163 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02 | Trust: 2.5 |
| url: | https://jvn.jp/vu/jvnvu97890337/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-25163 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.4027/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2020-25163/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/79.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2020-25163 |
| db: | JVNDB | id: | JVNDB-2020-017700 |
| db: | CNNVD | id: | CNNVD-202011-847 |
| db: | NVD | id: | CVE-2020-25163 |
LAST UPDATE DATE
2024-08-14T13:54:25.154000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2020-25163 | date: | 2022-04-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-017700 | date: | 2023-07-27T08:20:00 |
| db: | CNNVD | id: | CNNVD-202011-847 | date: | 2022-04-28T00:00:00 |
| db: | NVD | id: | CVE-2020-25163 | date: | 2022-04-27T03:21:59.283 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2020-25163 | date: | 2022-04-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-017700 | date: | 2023-07-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202011-847 | date: | 2020-11-10T00:00:00 |
| db: | NVD | id: | CVE-2020-25163 | date: | 2022-04-18T17:15:12.230 |