CVE-2020-25167: OSIsoft PI Vision Incorrect Authorization
Published Apr 18, 2022
·Updated
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
Affected Software
4 affected components
OSIsoft PI Vision<3.5.0
OSIsoft CRITICAL INFRASTRUCTURE SECTORS: Multiple
OSIsoft COUNTRIES/AREAS DEPLOYED: Worldwide
OSIsoft COMPANY HEADQUARTERS LOCATION: United States
Remediation
Information
OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these vulnerabilities.
Recommended defensive measures and related configuration settings are described on the OSIsoft customer portal (Login required).
Event History
Apr 18, 2022
CVE Published
via MITRE·04:20 PM
Data Sourced
via MITRE·04:20 PM
RemedyDescriptionSeverityWeakness
Aug 4, 2024
Data Sourced
via ICS·03:36 PM
SeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the vulnerability ID for this OSIsoft PI Vision issue?
The vulnerability ID for this issue is CVE-2020-25167.
2
What is the title of this OSIsoft PI Vision vulnerability?
The title of this vulnerability is "OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute."
3
What is the severity rating of CVE-2020-25167?
The severity rating of CVE-2020-25167 is medium with a score of 6.5.
4
Which versions of OSIsoft PI Vision are affected by this vulnerability?
OSIsoft PI Vision 2020 versions prior to 3.5.0 are affected by this vulnerability.
5
How can this vulnerability be fixed?
To fix this vulnerability, update OSIsoft PI Vision to version 3.5.0 or later.