First published: Tue Jun 23 2020(Updated: )
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
OSIsoft PI Web API | <=2019 | |
OSIsoft PI Web API | =2019-patch_1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12021 is a vulnerability in OSIsoft PI Web API 2019 Patch 1 and previous versions that allows for a cross-site scripting attack.
The CVE-2020-12021 vulnerability has a severity level of critical.
OSIsoft PI Web API versions up to and including 2019 Patch 1 (1.12.0.6346) are affected by CVE-2020-12021.
An attacker can exploit CVE-2020-12021 by executing arbitrary code through a cross-site scripting attack.
It is recommended to upgrade to a version of OSIsoft PI Web API that is not affected by CVE-2020-12021. Refer to the vendor's website for the latest patches and updates.