First published: Wed Nov 17 2021(Updated: )
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
OSIsoft PI Vision | <2021 | |
OSIsoft PI:Vision | <2021 | 2021 |
<2021 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-43551.
The severity of CVE-2021-43551 is medium with a CVSS score of 5.4.
CVE-2021-43551 allows a remote attacker with write access to PI Vision to inject code into a display, leading to unauthorized information disclosure, modification, or deletion.
CVE-2021-43551 affects OSIsoft PI Vision version up to but excluding 2021.
To fix CVE-2021-43551, it is recommended to apply the necessary security patches or updates provided by OSIsoft.