Pi Vision
CVE-2018-7496
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure.
AnalysisAI
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. Affected products include: Osisoft Pi Vision.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Ra
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Rated medium severity (CVS
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity
A remote attacker with write access to PI Vision could inject code into a display. Rated medium severity (CVSS 5.4), thi
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vuln
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision dat
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of ano
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today