CVE-2021-43551: OSIsoft PI Vision

Q: What is the vulnerability ID of the PI Vision vulnerability?

The vulnerability ID is CVE-2021-43551.

Q: What is the severity of CVE-2021-43551?

The severity of CVE-2021-43551 is medium with a CVSS score of 5.4.

Q: How does CVE-2021-43551 affect PI Vision?

CVE-2021-43551 allows a remote attacker with write access to PI Vision to inject code into a display, leading to unauthorized information disclosure, modification, or deletion.

Q: Which software is affected by CVE-2021-43551?

CVE-2021-43551 affects OSIsoft PI Vision version up to but excluding 2021.

Q: How can I fix CVE-2021-43551?

To fix CVE-2021-43551, it is recommended to apply the necessary security patches or updates provided by OSIsoft.

Published Nov 17, 2021

Updated

A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions.

Affected Software

2 affected componentsFixes available

OSIsoft PI Vision<2021

OSIsoft PI:Vision<2021

2021

Event History

Nov 17, 2021

CVE Published

via MITRE·06:19 PM

Data Sourced

via MITRE·06:19 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·07:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

ICSA-21-313-05

Frequently Asked Questions

What is the vulnerability ID of the PI Vision vulnerability?

The vulnerability ID is CVE-2021-43551.

What is the severity of CVE-2021-43551?

The severity of CVE-2021-43551 is medium with a CVSS score of 5.4.

How does CVE-2021-43551 affect PI Vision?

CVE-2021-43551 allows a remote attacker with write access to PI Vision to inject code into a display, leading to unauthorized information disclosure, modification, or deletion.

Which software is affected by CVE-2021-43551?