What is CVE-2020-25163?

CVE-2020-25163 is a vulnerability that allows a remote attacker with write access to PI ProcessBook files to inject code into OSIsoft PI Vision 2020 versions prior to 3.5.0.

How does CVE-2020-25163 impact OSIsoft PI Vision 2020?

CVE-2020-25163 allows unauthorized information disclosure, modification, or deletion if a victim views or interacts with an infected display in OSIsoft PI Vision 2020.

What is the severity of CVE-2020-25163?

CVE-2020-25163 has a severity rating of 7.3, which is considered high.

How can an attacker exploit CVE-2020-25163?

An attacker with write access to PI ProcessBook files can inject malicious code, which is then imported into OSIsoft PI Vision displays.

Is there a fix available for CVE-2020-25163?

Yes, a fix for CVE-2020-25163 is available in OSIsoft PI Vision version 3.5.0 and later.

Vulnerability/
CVE-2020-25163

high

7.7

CWE

18/4/2022

4/8/2024

CVE-2020-25163: OSIsoft PI Vision Cross-site Scripting

First published: Mon Apr 18 2022(Updated: )

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
OSIsoft PI Vision	<2020
OSIsoft CRITICAL INFRASTRUCTURE SECTORS: Multiple
OSIsoft COUNTRIES/AREAS DEPLOYED: Worldwide
OSIsoft COMPANY HEADQUARTERS LOCATION: United States

Remedy

OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these vulnerabilities. Recommended defensive measures and related configuration settings are described on the OSIsoft customer portal (Login required).

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-315-02

Frequently Asked Questions

What is CVE-2020-25163?
CVE-2020-25163 is a vulnerability that allows a remote attacker with write access to PI ProcessBook files to inject code into OSIsoft PI Vision 2020 versions prior to 3.5.0.
How does CVE-2020-25163 impact OSIsoft PI Vision 2020?
CVE-2020-25163 allows unauthorized information disclosure, modification, or deletion if a victim views or interacts with an infected display in OSIsoft PI Vision 2020.
What is the severity of CVE-2020-25163?
CVE-2020-25163 has a severity rating of 7.3, which is considered high.
How can an attacker exploit CVE-2020-25163?
An attacker with write access to PI ProcessBook files can inject malicious code, which is then imported into OSIsoft PI Vision displays.
Is there a fix available for CVE-2020-25163?
Yes, a fix for CVE-2020-25163 is available in OSIsoft PI Vision version 3.5.0 and later.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/title
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/severity
agent/references
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/trending
vendor/osisoft
canonical/osisoft pi vision
canonical/osisoft critical infrastructure sectors: multiple
canonical/osisoft countries/areas deployed: worldwide
canonical/osisoft company headquarters location: united states

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.