PT-2022-8705 · Osisoft · Osisoft Pi Vision+1

Published 2022-04-18 · Updated 2022-04-27 · CVE-2020-25163

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OSIsoft PI Vision 2020 versions prior to 3.5.0

Description

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This issue affects PI System data and other data accessible with the victim's user permissions.

Recommendations

For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to PI ProcessBook files to prevent unauthorized code injection. Avoid interacting with potentially infected displays until the issue is resolved.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-25163

Affected Products

Osisoft Pi Vision
Pi Processbook