CVE-2021-43549 MEDIUM

CVE-2021-43549: OSIsoft PI Web API

Vendor OSIsoft
Product PI Web API
Weakness CWE-79 · XSS
Published November 18, 2021
Last update September 16, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.

Key dates

02 Disclosure timeline

November 18, 2021 CVE published
September 16, 2024 Record updated