A remote attacker with write access to PI ProcessBook files could inject code that is imported into PI Vision. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display.
PI Vision could disclose information to a user with insufficient privileges for an AF attribute.
All versions prior to PI Vision 2020 are affected
OSIsoft released PI Vision 2020 Version 3.5.0 to address this vulnerability.