Pi Vision
CVE-2021-43553
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.
AnalysisAI
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. Affected products include: Osisoft Pi Vision.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Ra
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Rated medium severity (CVS
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity
A remote attacker with write access to PI Vision could inject code into a display. Rated medium severity (CVSS 5.4), thi
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vuln
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Rated medium severity (CVSS 5
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision dat
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today