OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
Understanding CVE-2020-25167
OSIsoft reported these vulnerabilities to CISA.
What is CVE-2020-25167?
CVE-2020-25167 refers to an incorrect authorization vulnerability in OSIsoft PI Vision 2020 versions prior to 3.5.0. This vulnerability could allow a user with insufficient privileges to access information related to an AF attribute.
The Impact of CVE-2020-25167
This vulnerability is rated medium severity, with a CVSS base score of 4.9. The confidentiality impact is high and exploitation requires high privileges; system integrity and availability are not affected.
Technical Details of CVE-2020-25167
OSIsoft PI Vision Incorrect Authorization
Vulnerability Description
Because of incorrect authorization, the vulnerability allows a user with insufficient privileges for an AF attribute to access information on that attribute.
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
OSIsoft released PI Vision 2020 Version 3.5.0 to address this vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates