Pi Vision
CVE-2018-7504
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.
AnalysisAI
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-693. A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. Affected products include: Osisoft Pi Vision.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Ra
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Rated medium severity (CVS
A remote attacker with write access to PI Vision could inject code into a display. Rated medium severity (CVSS 5.4), thi
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vuln
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity (CVSS 5
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision dat
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of ano
Same weakness CWE-693 – Protection Mechanism Failure
View allShare
External POC / Exploit Code
Leaving vuln.today