Cloud Defense Logo

Products

Solutions

Company

CVE-2020-25167 : Vulnerability Insights and Analysis

Learn about CVE-2020-25167, an incorrect authorization vulnerability in OSIsoft PI Vision 2020 versions prior to 3.5.0. Find out the impact, affected systems, mitigation steps, and how to prevent unauthorized access.

OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.

Understanding CVE-2020-25167

OSIsoft reported these vulnerabilities to CISA.

What is CVE-2020-25167?

CVE-2020-25167 refers to an incorrect authorization vulnerability in OSIsoft PI Vision 2020 versions prior to 3.5.0. This vulnerability could allow a user with insufficient privileges to access information related to an AF attribute.

The Impact of CVE-2020-25167

The impact of this vulnerability is rated as medium severity with a CVSS base score of 4.9. It has a high confidentiality impact, requiring high privileges for exploitation, but does not affect system integrity or availability.

Technical Details of CVE-2020-25167

OSIsoft PI Vision Incorrect Authorization

Vulnerability Description

The vulnerability allows unauthorized users to access information on an AF attribute due to incorrect authorization settings.

Affected Systems and Versions

        Product: PI Vision
        Vendor: OSIsoft
        Versions Affected: OSIsoft PI Vision 2020 versions prior to 3.5.0

Exploitation Mechanism

        Attack Vector: Network
        Attack Complexity: Low
        Privileges Required: High
        User Interaction: None
        Scope: Unchanged

Mitigation and Prevention

OSIsoft released PI Vision 2020 Version 3.5.0 to address this vulnerability.

Immediate Steps to Take

        Update to OSIsoft PI Vision 2020 Version 3.5.0 or later.
        Review and adjust user privileges to ensure proper access control.

Long-Term Security Practices

        Regularly review and update access control policies.
        Monitor and audit user activities to detect unauthorized access attempts.

Patching and Updates

        Apply security patches promptly.
        Follow OSIsoft's recommended defensive measures and configuration settings available on their customer portal.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now