Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
127 vulnerabilities by osisoft
VAR-201606-0252
Vulnerability from variot - Updated: 2023-12-18 13:39OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. The PI AF Server is the core product of the PI System. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi af server 2016",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.7.0"
},
{
"model": "pi af server 2016",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2.8.0"
},
{
"model": "pi af server",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2.8.0"
},
{
"model": "pi af server 2016",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi af server 2016",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_af_server_2016:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91194"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4518",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-04194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "1d152233-c874-4f21-b459-78399664c0b1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4518",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4518",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-309",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. The PI AF Server is the core product of the PI System. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "BID",
"id": "91194"
},
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4518",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-166-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-04194",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306",
"trust": 0.8
},
{
"db": "BID",
"id": "91194",
"trust": 0.3
},
{
"db": "IVD",
"id": "1D152233-C874-4F21-B459-78399664C0B1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "BID",
"id": "91194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"id": "VAR-201606-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
}
]
},
"last_update_date": "2023-12-18T13:39:10.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OSIsoft Releases Security Update in PI AF Server 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00301"
},
{
"title": "OSIsoft PI AF Server Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/77857"
},
{
"title": "OSIsoft PI AF Server Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62259"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-166-02"
},
{
"trust": 1.6,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00301"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4518"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4518"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "BID",
"id": "91194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "91194"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"date": "2016-06-19T20:59:13.393000",
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"date": "2016-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "91194"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003306"
},
{
"date": "2016-06-21T22:49:44.147000",
"db": "NVD",
"id": "CVE-2016-4518"
},
{
"date": "2016-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI AF Server Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNVD",
"id": "CNVD-2016-04194"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "1d152233-c874-4f21-b459-78399664c0b1"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-309"
}
],
"trust": 0.8
}
}
VAR-202006-0319
Vulnerability from variot - Updated: 2023-12-18 13:37In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. PI Web API Is PI System Used when accessing RESTful The interface. This product supports client applications to read and write access to its AF and PI data via HTTPS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.0,
"vendor": "osisoft",
"version": "2019"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2019"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2019 patch 1 (1.12.0.6346)"
},
{
"model": "pi web api patch",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=20191(1.12.0.6346)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2019:patch_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12021"
}
]
},
"cve": "CVE-2020-12021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-51561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005435",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12021",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005435",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-921",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. PI Web API Is PI System Used when accessing RESTful The interface. This product supports client applications to read and write access to its AF and PI data via HTTPS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "CNVD",
"id": "CNVD-2020-51561"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12021",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-163-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92610962",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-51561",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47160",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"id": "VAR-202006-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
}
]
},
"last_update_date": "2023-12-18T13:37:48Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PI Web API",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/documentation/pi-web-api/help.html"
},
{
"title": "Patch for OSIsoft PI Web API cross-site scripting vulnerability (CNVD-2020-51561)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233590"
},
{
"title": "OSIsoft PI Web API Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122995"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12021"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92610962/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47160"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12021"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2064/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"date": "2020-06-23T22:15:13.980000",
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"date": "2020-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005435"
},
{
"date": "2020-07-02T18:34:50.563000",
"db": "NVD",
"id": "CVE-2020-12021"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft Made PI Web API 2019 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005435"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-921"
}
],
"trust": 0.6
}
}
VAR-201708-1388
Vulnerability from variot - Updated: 2023-12-18 13:29A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. OSIsoft PI Web API is a product for accessing PI system data. The program failed to properly validate the HTTP request. An attacker could exploit the vulnerability to perform certain unauthorized operations and access the affected application. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "1.8"
},
{
"model": "pi web api",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017 (1.9.0)"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "20171.9.0"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20161.7.0.176"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20151.5.1"
},
{
"model": "pi web api",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20171.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi web api",
"version": "1.8"
}
],
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "BID",
"id": "99058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7926"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99058"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7926",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7926",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-16356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7926",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7926",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-16356",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1044",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. OSIsoft PI Web API is a product for accessing PI system data. The program failed to properly validate the HTTP request. An attacker could exploit the vulnerability to perform certain unauthorized operations and access the affected application. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "BID",
"id": "99058"
},
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7926",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-164-03",
"trust": 2.7
},
{
"db": "BID",
"id": "99058",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-16356",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335",
"trust": 0.8
},
{
"db": "IVD",
"id": "E1BB21C8-8650-4E7F-A184-0A29A764DF9F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "BID",
"id": "99058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"id": "VAR-201708-1388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
}
],
"trust": 1.3875000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
}
]
},
"last_update_date": "2023-12-18T13:29:10.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00316 - OSIsoft releases security update in PI Web API 2017 for CSRF vulnerability",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00316"
},
{
"title": "Patch for OSIsoft PI Web API Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/98751"
},
{
"title": "OSIsoft PI Web API Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99753"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-03"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99058"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7926"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7926"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "BID",
"id": "99058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "BID",
"id": "99058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99058"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"date": "2017-08-25T19:29:00.300000",
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99058"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007335"
},
{
"date": "2019-10-09T23:29:59.187000",
"db": "NVD",
"id": "CVE-2017-7926"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
},
{
"db": "CNVD",
"id": "CNVD-2017-16356"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1044"
}
],
"trust": 0.6
}
}
VAR-201803-2222
Vulnerability from variot - Updated: 2023-12-18 13:28An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "eq",
"trust": 1.9,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi data archive r2",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "2017"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7533"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103399"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7533",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-7533",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-05302",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7533",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7533",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05302",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7533",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-02",
"trust": 3.3
},
{
"db": "BID",
"id": "103399",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05302",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E59B81-39AB-11E9-A837-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"id": "VAR-201803-2222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
}
],
"trust": 1.2761904800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
}
]
},
"last_update_date": "2023-12-18T13:28:58.608000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Data Archive Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121505"
},
{
"title": "OSIsoft PI Data Archive Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79103"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.0
},
{
"problemtype": "CWE-275",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103399"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7533"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"date": "2018-03-14T18:29:00.780000",
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05302"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003017"
},
{
"date": "2019-10-09T23:42:23.970000",
"db": "NVD",
"id": "CVE-2018-7533"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Data Archive Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-453"
}
],
"trust": 0.6
}
}
VAR-201803-2219
Vulnerability from variot - Updated: 2023-12-18 13:28A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi data archive r2",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "data archive",
"scope": "eq",
"trust": 0.2,
"vendor": "pi",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7529"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103399"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7529",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7529",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05303",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7529",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7529",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-455",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7529",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-02",
"trust": 3.3
},
{
"db": "BID",
"id": "103399",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05303",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E59B80-39AB-11E9-B243-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"id": "VAR-201803-2219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
}
],
"trust": 1.41309524
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
}
]
},
"last_update_date": "2023-12-18T13:28:58.569000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121507"
},
{
"title": "OSIsoft PI Data Archive Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79105"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103399"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7529"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"date": "2018-03-14T18:29:00.670000",
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05303"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003015"
},
{
"date": "2019-10-09T23:42:23.503000",
"db": "NVD",
"id": "CVE-2018-7529"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Data Archive Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-455"
}
],
"trust": 0.8
}
}
VAR-201803-2220
Vulnerability from variot - Updated: 2023-12-18 13:28An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "eq",
"trust": 1.9,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi data archive r2",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "2017"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103399"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7531",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7531",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-05301",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7531",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7531",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05301",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-454",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7531",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-02",
"trust": 3.3
},
{
"db": "BID",
"id": "103399",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05301",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E59B82-39AB-11E9-9DFB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"id": "VAR-201803-2220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
}
],
"trust": 1.2761904800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
}
]
},
"last_update_date": "2023-12-18T13:28:58.535000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "OSIsoft PI Data Archive patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121503"
},
{
"title": "OSIsoft PI Data Archive Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79104"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103399"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7531"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"date": "2018-03-14T18:29:00.733000",
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05301"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103399"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"date": "2019-10-09T23:42:23.720000",
"db": "NVD",
"id": "CVE-2018-7531"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Data Archive Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003016"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
},
{
"db": "BID",
"id": "103399"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-454"
}
],
"trust": 1.1
}
}
VAR-201804-0079
Vulnerability from variot - Updated: 2023-12-18 13:28OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi sdk",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.4.6"
},
{
"model": "pi buffer subsystem",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "4.5.0"
},
{
"model": "pi data archive",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.400.1162"
},
{
"model": "pi af client",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.8.0"
},
{
"model": "pi af client",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 2.8.0"
},
{
"model": "pi buffer subsystem",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "4.4 and less"
},
{
"model": "pi data archive",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2015 3.4.395.64"
},
{
"model": "pi sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 1.4.6"
},
{
"model": "pi af client",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016(2.8.0)"
},
{
"model": "pi software development kit",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016(1.4.6)"
},
{
"model": "pi data archive",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016(3.4.400.1162)"
},
{
"model": "pi sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi buffer subsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "4.4"
},
{
"model": "pi af client",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20161.4.6"
},
{
"model": "pi data archive",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20163.4.400.1162"
},
{
"model": "pi buffer subsystem",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "4.5"
},
{
"model": "pi af client",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20162.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi af client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi buffer subsystem",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi sdk",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "BID",
"id": "94165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_af_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_sdk:*:*:*:*:2016:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:2016:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.400.1162",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8365"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "94165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8365",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8365",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11094",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8365",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8365",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-11094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-316",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "BID",
"id": "94165"
},
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8365",
"trust": 3.5
},
{
"db": "BID",
"id": "94165",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-11094",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008",
"trust": 0.8
},
{
"db": "IVD",
"id": "87D38CA7-2043-4E29-9C00-8DBD6630ADD8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "BID",
"id": "94165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"id": "VAR-201804-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
}
],
"trust": 1.5003968266666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
}
]
},
"last_update_date": "2023-12-18T13:28:58.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OSIsoft Releases Security Updates for Core Networking Component in PI System 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00308"
},
{
"title": "OSIsoft PI System Local Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83850"
},
{
"title": "OSIsoft PI System Fixes for local denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65684"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/ics-vu-313-03"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/94165"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00308"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8365"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8365"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "BID",
"id": "94165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"db": "BID",
"id": "94165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-15T00:00:00",
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"date": "2016-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94165"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"date": "2018-04-03T14:29:00.247000",
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"date": "2016-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11094"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94165"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009008"
},
{
"date": "2019-10-09T23:19:57.193000",
"db": "NVD",
"id": "CVE-2016-8365"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI System Local Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNVD",
"id": "CNVD-2016-11094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-316"
}
],
"trust": 0.8
}
}
VAR-201904-0718
Vulnerability from variot - Updated: 2023-12-18 13:18OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. OSIsoft PI Vision 2017 and PI Vision 2017 R2 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0718",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "eq",
"trust": 2.1,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017 r2"
},
{
"model": "pi vision r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision r2 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
}
],
"sources": [
{
"db": "BID",
"id": "107002"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft reported this vulnerability to NCCIC.,The vendor reported these issues.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
],
"trust": 0.6
},
"cve": "CVE-2018-19006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19006",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-19006",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19006",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-527",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nOSIsoft PI Vision 2017 and PI Vision 2017 R2 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "BID",
"id": "107002"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-043-01",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2018-19006",
"trust": 2.7
},
{
"db": "BID",
"id": "107002",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "107002"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"id": "VAR-201904-0718",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T13:18:47.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "OSIsoft PI Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89338"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19006"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19006"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/107002"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "BID",
"id": "107002"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "107002"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107002"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"date": "2019-04-08T15:29:00.763000",
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107002"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015233"
},
{
"date": "2019-10-09T23:37:35.410000",
"db": "NVD",
"id": "CVE-2018-19006"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Vision Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-527"
}
],
"trust": 0.6
}
}
VAR-202011-1506
Vulnerability from variot - Updated: 2023-12-18 13:18A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. OSIsoft of OSIsoft PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "2020"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2020"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25163"
}
]
},
"cve": "CVE-2020-25163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-25163",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25163",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25163",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25163",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-847",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-25163",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim\u2019s user permissions. OSIsoft of OSIsoft PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "VULMON",
"id": "CVE-2020-25163"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25163",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-315-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97890337",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.4027",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-847",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25163",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"id": "VAR-202011-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T13:18:02.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OSIsoft PI Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133829"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97890337/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25163"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4027/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-25163/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"date": "2023-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"date": "2022-04-18T17:15:12.230000",
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25163"
},
{
"date": "2023-07-27T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-017700"
},
{
"date": "2022-04-27T03:21:59.283000",
"db": "NVD",
"id": "CVE-2020-25163"
},
{
"date": "2022-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft\u00a0 of \u00a0OSIsoft\u00a0PI\u00a0Vision\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017700"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-847"
}
],
"trust": 0.6
}
}
VAR-202011-1507
Vulnerability from variot - Updated: 2023-12-18 13:18OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft of OSIsoft PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.5.0"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "3.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25167"
}
]
},
"cve": "CVE-2020-25167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-25167",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25167",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25167",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25167",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-844",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25167",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft of OSIsoft PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "VULMON",
"id": "CVE-2020-25167"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25167",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-315-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97890337",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.4027",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-844",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25167",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"id": "VAR-202011-1507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T13:18:02.725000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco ASR 9000 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133827"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25167"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97890337/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-25167/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4027/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"date": "2023-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"date": "2022-04-18T17:15:12.300000",
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25167"
},
{
"date": "2023-07-27T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-017699"
},
{
"date": "2022-04-26T19:17:47.363000",
"db": "NVD",
"id": "CVE-2020-25167"
},
{
"date": "2022-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft\u00a0 of \u00a0OSIsoft\u00a0PI\u00a0Vision\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017699"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-844"
}
],
"trust": 0.6
}
}
VAR-201803-2205
Vulnerability from variot - Updated: 2023-12-18 13:08A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017 r2"
},
{
"model": "pi web api r2",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi web api r2 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi vision r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20171"
},
{
"model": "pi af services r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "201710"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi web api",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi web api",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi vision",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7508"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "103396"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7508",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7508",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-05300",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7508",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7508",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05300",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-456",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7508",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-04",
"trust": 3.3
},
{
"db": "BID",
"id": "103396",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05300",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E5C28F-39AB-11E9-AA1F-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"id": "VAR-201803-2205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
}
],
"trust": 1.29638158
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
}
]
},
"last_update_date": "2023-12-18T13:08:31.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Web API Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121499"
},
{
"title": "OSIsoft PI Web API Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-04"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103396"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7508"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7508"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103396"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"date": "2018-03-14T18:29:00.607000",
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103396"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003014"
},
{
"date": "2019-10-09T23:42:20.817000",
"db": "NVD",
"id": "CVE-2018-7508"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05300"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-456"
}
],
"trust": 0.6
}
}
VAR-201803-2202
Vulnerability from variot - Updated: 2023-12-18 13:08A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. OSIsoft PI Web API Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product for accessing PI system data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017 r2"
},
{
"model": "pi web api r2",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi web api r2 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi vision r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20171"
},
{
"model": "pi af services r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "201710"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi web api",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi web api",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi vision",
"version": "2017"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7500"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "103396"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7500",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7500",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05299",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7500",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7500",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-05299",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-458",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. OSIsoft PI Web API Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product for accessing PI system data. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7500",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-04",
"trust": 3.3
},
{
"db": "BID",
"id": "103396",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05299",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E5E9A2-39AB-11E9-B8D3-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"id": "VAR-201803-2202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
}
],
"trust": 1.29638158
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
}
]
},
"last_update_date": "2023-12-18T13:08:31.933000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Web API Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121497"
},
{
"title": "OSIsoft PI Web API Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79108"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-04"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103396"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7500"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7500"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"db": "BID",
"id": "103396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103396"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"date": "2018-03-14T18:29:00.500000",
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05299"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103396"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003012"
},
{
"date": "2019-10-09T23:42:20.003000",
"db": "NVD",
"id": "CVE-2018-7500"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-458"
}
],
"trust": 0.6
}
}
VAR-201803-2176
Vulnerability from variot - Updated: 2023-12-18 12:50An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi vision r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20171"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi vision",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103390"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7496",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7496",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7496",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-459",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. \nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7496",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-03",
"trust": 3.3
},
{
"db": "BID",
"id": "103390",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05315",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E65ED1-39AB-11E9-9398-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"id": "VAR-201803-2176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
}
],
"trust": 1.2052631600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
}
]
},
"last_update_date": "2023-12-18T12:50:48.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "OSIsoft PI Vision Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121513"
},
{
"title": "OSIsoft PI Vision Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79109"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103390"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7496"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7496"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-15T00:00:00",
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103390"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"date": "2018-03-14T18:29:00.453000",
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103390"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003011"
},
{
"date": "2019-10-09T23:42:19.457000",
"db": "NVD",
"id": "CVE-2018-7496"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Vision Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05315"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-459"
}
],
"trust": 0.6
}
}
VAR-201803-2204
Vulnerability from variot - Updated: 2023-12-18 12:50A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. OSIsoft PI Vision Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi vision",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi vision r2 update",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20171"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7504"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103390"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7504",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05312",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7504",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7504",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-457",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. OSIsoft PI Vision Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. \nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7504",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-072-03",
"trust": 3.3
},
{
"db": "BID",
"id": "103390",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05312",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E610B0-39AB-11E9-9D94-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"id": "VAR-201803-2204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
}
],
"trust": 1.2052631600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
}
]
},
"last_update_date": "2023-12-18T12:50:48.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Vision Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121517"
},
{
"title": "OSIsoft PI Vision Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79107"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103390"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7504"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7504"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "BID",
"id": "103390"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-15T00:00:00",
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103390"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"date": "2018-03-14T18:29:00.560000",
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"date": "2018-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103390"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003013"
},
{
"date": "2019-10-09T23:42:20.457000",
"db": "NVD",
"id": "CVE-2018-7504"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Vision Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05312"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-457"
}
],
"trust": 0.6
}
}
VAR-201805-0354
Vulnerability from variot - Updated: 2023-12-18 12:50PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. Other attacks are also possible. OSIsoft PI Coresight 2016 R2 and earlier are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi coresight",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi coresight r2",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2016"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi coresight r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi coresight",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi coresight",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "BID",
"id": "99540"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016-r2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9641"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "99540"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9641",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9641",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22990",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "17776aa1-0392-4099-bd01-a030c287a2fd",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9641",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9641",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-22990",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-862",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. Other attacks are also possible. \nOSIsoft PI Coresight 2016 R2 and earlier are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "BID",
"id": "99540"
},
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9641",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-04",
"trust": 3.3
},
{
"db": "BID",
"id": "99540",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-22990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472",
"trust": 0.8
},
{
"db": "IVD",
"id": "17776AA1-0392-4099-BD01-A030C287A2FD",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "BID",
"id": "99540"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"id": "VAR-201805-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
}
],
"trust": 1.4527778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
}
]
},
"last_update_date": "2023-12-18T12:50:46.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00320",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00320"
},
{
"title": "Patch for OSIsoft PI Coresight Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100862"
},
{
"title": "OSIsoft PI Coresight Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99871"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-04"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99540"
},
{
"trust": 1.6,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00320"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9641"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9641"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "BID",
"id": "99540"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "BID",
"id": "99540"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99540"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"date": "2018-05-25T15:29:00.210000",
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99540"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013472"
},
{
"date": "2019-10-09T23:30:45.440000",
"db": "NVD",
"id": "CVE-2017-9641"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Coresight Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "17776aa1-0392-4099-bd01-a030c287a2fd"
},
{
"db": "CNVD",
"id": "CNVD-2017-22990"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-862"
}
],
"trust": 0.6
}
}
VAR-201702-0300
Vulnerability from variot - Updated: 2023-12-18 12:44An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. OSIsoft is the world's leading provider of real-time performance management software (RtPM ™) suites. Unauthenticated attackers can use this vulnerability to access affected devices. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api 2015 r2",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "1.5.1"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20151.5.1"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2015 r2 1.5.1"
},
{
"model": "pi web api",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "20161.7.0.176"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "BID",
"id": "93552"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api_2015_r2:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8353"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "93552"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8353",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-09864",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8353",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8353",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-09864",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-866",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. OSIsoft is the world\u0027s leading provider of real-time performance management software (RtPM \u2122) suites. Unauthenticated attackers can use this vulnerability to access affected devices. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "BID",
"id": "93552"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8353",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-01",
"trust": 2.7
},
{
"db": "BID",
"id": "93552",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-09864",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "BID",
"id": "93552"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"id": "VAR-201702-0300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5875
},
"last_update_date": "2023-12-18T12:44:42.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/default.aspx"
},
{
"title": "Patch for OSIsoft PI Web API Account Permission Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/82859"
},
{
"title": "OSIsoft PI Web API Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65187"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93552"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8353"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8353"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/93552/discuss"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "BID",
"id": "93552"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"db": "BID",
"id": "93552"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93552"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"date": "2017-02-13T21:59:00.813000",
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"date": "2016-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09864"
},
{
"date": "2016-10-26T09:08:00",
"db": "BID",
"id": "93552"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007984"
},
{
"date": "2017-03-14T14:07:20.497000",
"db": "NVD",
"id": "CVE-2016-8353"
},
{
"date": "2016-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API Without proper authority in PI Vulnerability accessing system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-866"
}
],
"trust": 0.6
}
}
VAR-202111-1090
Vulnerability from variot - Updated: 2023-12-18 12:34A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "2021"
},
{
"model": "pi vision",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43551"
}
]
},
"cve": "CVE-2021-43551",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-43551",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-43551",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-43551",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43551",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1555",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim\u0027s user permissions. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43551",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-05",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015242",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"id": "VAR-202111-1090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T12:34:48.301000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "OSIsoft PI Vision Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170702"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43551"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-313-05"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"date": "2021-11-17T19:15:09.100000",
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"date": "2021-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-14T07:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-015242"
},
{
"date": "2022-04-12T18:06:07.447000",
"db": "NVD",
"id": "CVE-2021-43551"
},
{
"date": "2021-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI\u00a0Vision\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015242"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1555"
}
],
"trust": 0.6
}
}
VAR-202111-1089
Vulnerability from variot - Updated: 2023-12-18 12:34PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "lt",
"trust": 1.0,
"vendor": "osisoft",
"version": "2021"
},
{
"model": "pi vision",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi vision",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43553"
}
]
},
"cve": "CVE-2021-43553",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-43553",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-43553",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-43553",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43553",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1554",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43553",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-05",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015241",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"id": "VAR-202111-1089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T12:34:48.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "OSIsoft PI Vision Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170701"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43553"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-313-05"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"date": "2021-11-17T19:15:09.160000",
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"date": "2021-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-14T07:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-015241"
},
{
"date": "2021-11-19T19:00:31.003000",
"db": "NVD",
"id": "CVE-2021-43553"
},
{
"date": "2021-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI\u00a0Vision\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1554"
}
],
"trust": 0.6
}
}
VAR-201702-0674
Vulnerability from variot - Updated: 2023-12-18 12:29An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20150"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20140"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20130"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "1.0"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 (pi af services 2016 r2 integrated install kit)"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi coresight",
"version": "*"
},
{
"model": "2016-r2",
"scope": null,
"trust": 0.2,
"vendor": "pi web api",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2016-r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016-r2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vint Maggs from Savannah River Nuclear Solutions",
"sources": [
{
"db": "BID",
"id": "95355"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5153",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5153",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5153",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5153",
"trust": 3.5
},
{
"db": "BID",
"id": "95355",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264",
"trust": 0.8
},
{
"db": "IVD",
"id": "E7887E65-5724-47C1-8179-E1966E9BF69C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"id": "VAR-201702-0674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
],
"trust": 1.3715278
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
]
},
"last_update_date": "2023-12-18T12:29:50.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.osisoft.com/default.aspx"
},
{
"title": "Patch for OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/95355"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5153"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5153"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01 "
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00312 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-10T00:00:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-02-13T21:59:02.690000",
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-12T00:14:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-03-16T15:27:41.143000",
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
}
}
VAR-201708-1405
Vulnerability from variot - Updated: 2023-12-18 12:29A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9655",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-22840",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-9655",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9655",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9655",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178",
"trust": 0.8
},
{
"db": "IVD",
"id": "B736DB0C-4A0D-4B79-A22A-798941A2FF2F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"id": "VAR-201708-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
]
},
"last_update_date": "2023-12-18T12:29:29.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"title": "Patch for OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100819"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9655"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9655"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-08-14T16:29:00.287000",
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-08-23T19:23:02.230000",
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
}
}
VAR-201708-1404
Vulnerability from variot - Updated: 2023-12-18 12:29An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "2016"
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9653",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9653",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9653",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9653",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586",
"trust": 0.8
},
{
"db": "IVD",
"id": "3C9B8A2F-E383-4F65-A360-5A5A2835FD54",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"id": "VAR-201708-1404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
]
},
"last_update_date": "2023-12-18T12:29:29.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"title": "OSIsoft PI Integrator does not authorize access to the vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100822"
},
{
"title": "OSIsoft PI Integrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99850"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-285",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9653"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9653"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2017-08-14T16:29:00.257000",
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
}
}
VAR-201908-0867
Vulnerability from variot - Updated: 2023-12-18 12:28OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0867",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "lte",
"trust": 1.8,
"vendor": "osisoft",
"version": "2018"
},
{
"model": "pi web api",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13515"
}
]
},
"cve": "CVE-2019-13515",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13515",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-27464",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13515",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13515",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-27464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-933",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13515",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "VULMON",
"id": "CVE-2019-13515"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13515",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-225-02",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-27464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3105",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-13515",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"id": "VAR-201908-0867",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
}
]
},
"last_update_date": "2023-12-18T12:28:00.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
},
{
"title": "Patch for OSIsoft PI Web API information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/175567"
},
{
"title": "OSIsoft PI Web API Repair measures for log information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96617"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13515"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13515"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3105/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/532.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"date": "2019-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"date": "2019-08-15T19:15:11.233000",
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-27464"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13515"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008304"
},
{
"date": "2019-10-09T23:46:31.297000",
"db": "NVD",
"id": "CVE-2019-13515"
},
{
"date": "2019-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Web API Vulnerable to information disclosure from log files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-933"
}
],
"trust": 0.6
}
}
VAR-201708-1390
Vulnerability from variot - Updated: 2023-12-18 12:19An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1390",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.410.1256"
},
{
"model": "pi data archive",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "3.4.410.1256"
},
{
"model": "pi server",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20163.4.400.1162"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20153.4.395.64"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi data archive",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.410.1256",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7930"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99059"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7930",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7930",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-16357",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "b62dbca6-8c59-468d-99f3-000e688d6797",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7930",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7930",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-16357",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-930",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7930",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-164-02",
"trust": 2.7
},
{
"db": "BID",
"id": "99059",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-16357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336",
"trust": 0.8
},
{
"db": "IVD",
"id": "B62DBCA6-8C59-468D-99F3-000E688D6797",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"id": "VAR-201708-1390",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
}
],
"trust": 1.2761904800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
}
]
},
"last_update_date": "2023-12-18T12:19:33.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00315 - OSIsoft releases security updates in PI Server 2017",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00315"
},
{
"title": "OSIsoft PI Server authentication bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/98749"
},
{
"title": "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99745"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7930"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7930"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99059"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"date": "2017-08-25T19:29:00.333000",
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"date": "2017-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16357"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99059"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007336"
},
{
"date": "2019-10-09T23:29:59.970000",
"db": "NVD",
"id": "CVE-2017-7930"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Server Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b62dbca6-8c59-468d-99f3-000e688d6797"
},
{
"db": "CNVD",
"id": "CNVD-2017-16357"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-930"
}
],
"trust": 0.6
}
}
VAR-201708-1392
Vulnerability from variot - Updated: 2023-12-18 12:19An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.410.1256"
},
{
"model": "pi data archive",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2017"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "3.4.410.1256"
},
{
"model": "pi server",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20170"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20163.4.400.1162"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20153.4.395.64"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi data archive",
"scope": "ne",
"trust": 0.3,
"vendor": "osisoft",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi data archive",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.410.1256",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7934"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99059"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7934",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-7934",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-16358",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-7934",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7934",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-16358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-926",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7934",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-164-02",
"trust": 2.7
},
{
"db": "BID",
"id": "99059",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-16358",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337",
"trust": 0.8
},
{
"db": "IVD",
"id": "10CF70CA-8BF0-47ED-BE97-F716CDFEA1B0",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"id": "VAR-201708-1392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
}
],
"trust": 1.2761904800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
}
]
},
"last_update_date": "2023-12-18T12:19:33.929000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00315 - OSIsoft releases security updates in PI Server 2017",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00315"
},
{
"title": "Patch for OSIsoft PI Server Authentication Bypass Vulnerability (CNVD-2017-16358)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/98750"
},
{
"title": "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99741"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7934"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7934"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"db": "BID",
"id": "99059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "IVD",
"id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
},
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99059"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"date": "2017-08-25T19:29:00.380000",
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"date": "2017-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16358"
},
{
"date": "2017-06-13T00:00:00",
"db": "BID",
"id": "99059"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007337"
},
{
"date": "2019-10-09T23:30:00.890000",
"db": "NVD",
"id": "CVE-2017-7934"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Server 2017 PI Data Archive Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007337"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-926"
}
],
"trust": 0.6
}
}
VAR-202007-0021
Vulnerability from variot - Updated: 2023-12-18 11:43An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0021",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi vision",
"scope": "eq",
"trust": 1.8,
"vendor": "osisoft",
"version": "2019"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2019:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10643"
}
]
},
"cve": "CVE-2020-10643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008997",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008997",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10643",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-10643",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-008997",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1558",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-10643",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1558",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"id": "VAR-202007-0021",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40526316
},
"last_update_date": "2023-12-18T11:43:18.349000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10643"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"date": "2020-07-27T22:15:12.077000",
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008997"
},
{
"date": "2020-08-05T18:32:11.990000",
"db": "NVD",
"id": "CVE-2020-10643"
},
{
"date": "2020-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI Vision Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1558"
}
],
"trust": 0.6
}
}
VAR-202007-0028
Vulnerability from variot - Updated: 2023-12-18 11:41In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2018"
},
{
"model": "pi data archive",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data archive sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2018:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2018:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10604"
}
]
},
"cve": "CVE-2020-10604",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009000",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-52466",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009000",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10604",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009000",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-52466",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-687",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "CNVD",
"id": "CNVD-2020-52466"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10604",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52466",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-687",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"id": "VAR-202007-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
}
],
"trust": 1.33809524
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
}
]
},
"last_update_date": "2023-12-18T11:41:57.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10604"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10604"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"date": "2020-07-25T00:15:12.047000",
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52466"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009000"
},
{
"date": "2022-10-21T17:16:47.677000",
"db": "NVD",
"id": "CVE-2020-10604"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Data Archive Vulnerability in handling exceptional conditions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-687"
}
],
"trust": 0.6
}
}
VAR-202007-0023
Vulnerability from variot - Updated: 2023-12-18 11:30In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data.
OSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data archive",
"scope": "eq",
"trust": 1.0,
"vendor": "pi",
"version": "2018"
},
{
"model": "pi data archive",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2018"
},
{
"model": "pi data archive sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pi:data_archive:2018:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pi:data_archive:2018:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10602"
}
]
},
"cve": "CVE-2020-10602",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008999",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-52465",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008999",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10602",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-008999",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-52465",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-684",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data. \n\r\n\r\nOSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "CNVD",
"id": "CNVD-2020-52465"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10602",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52465",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-684",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"id": "VAR-202007-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
}
],
"trust": 1.3420634933333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
}
]
},
"last_update_date": "2023-12-18T11:30:42.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10602"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10602"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"date": "2020-07-24T23:15:11.753000",
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52465"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008999"
},
{
"date": "2020-08-05T17:44:12.463000",
"db": "NVD",
"id": "CVE-2020-10602"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Data Archive In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008999"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-684"
}
],
"trust": 0.6
}
}
VAR-202007-0022
Vulnerability from variot - Updated: 2023-12-18 11:26An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2019"
},
{
"model": "pi data archive",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2018 sp2"
},
{
"model": "pi data archive sp2",
"scope": "lte",
"trust": 0.6,
"vendor": "osisoft",
"version": "\u003c=2018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10600"
}
]
},
"cve": "CVE-2020-10600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008998",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-52464",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008998",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10600",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-10600",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-008998",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-52464",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-677",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "CNVD",
"id": "CNVD-2020-52464"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2020-10600",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-677",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"id": "VAR-202007-0022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
}
],
"trust": 1.33809524
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
}
]
},
"last_update_date": "2023-12-18T11:26:49.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10600"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10600"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"date": "2020-07-24T23:15:11.690000",
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52464"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008998"
},
{
"date": "2020-08-05T17:39:30.420000",
"db": "NVD",
"id": "CVE-2020-10600"
},
{
"date": "2020-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PI Data Archive In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-677"
}
],
"trust": 0.6
}
}
VAR-202007-0030
Vulnerability from variot - Updated: 2023-12-18 11:23In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data collection manager",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi buffer subsystem",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "4.8.0.18"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.0.2.5"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.0.0.54"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.4.0.17"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.6.8.26"
},
{
"model": "pi integrator",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.2.0.183"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.6"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.430.460"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.2.79"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.0.10"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.42"
},
{
"model": "pi to ocs",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.36.0"
},
{
"model": "pi connector relay",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.1.71"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.88"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.1"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.130"
},
{
"model": "pi interface configuration utility",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.7"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.1.135"
},
{
"model": "pi api",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi buffer subsystem",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector relay",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data archive",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data collection manager",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi integrator for business analytics",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi interface configuration utility",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi to ocs",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.8.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.8.0.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.54",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0.42",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.1.71",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2.79",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.0.130",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1.135",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.0.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.88",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.430.460",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.0.183",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.36.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"cve": "CVE-2020-10606",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009001",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10606",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009001",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10606",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009001",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10606",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "VULMON",
"id": "CVE-2020-10606"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-10606",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-10606",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"id": "VAR-202007-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.409523815
},
"last_update_date": "2023-12-18T11:23:58.459000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10606"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10606"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"date": "2020-07-24T23:15:11.830000",
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"date": "2020-08-05T17:57:44.737000",
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural OSIsoft Made PI Vulnerability in improper default permissions on system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
],
"trust": 0.6
}
}
VAR-202007-0033
Vulnerability from variot - Updated: 2023-12-18 11:21In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi data collection manager",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi buffer subsystem",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "4.8.0.18"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.0.2.5"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.0.0.54"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.4.0.17"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.6.8.26"
},
{
"model": "pi integrator",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.2.0.183"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.6"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.430.460"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.2.79"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.0.10"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.42"
},
{
"model": "pi to ocs",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.36.0"
},
{
"model": "pi connector relay",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.1.71"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.88"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.1"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.130"
},
{
"model": "pi interface configuration utility",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.7"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.1.135"
},
{
"model": "pi api",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi buffer subsystem",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector relay",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data archive",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data collection manager",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi integrator for business analytics",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi interface configuration utility",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi to ocs",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.8.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.8.0.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.54",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0.42",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.1.71",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2.79",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.0.130",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1.135",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.0.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.88",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.430.460",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.0.183",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.36.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10610"
}
]
},
"cve": "CVE-2020-10610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-009003",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009003",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10610",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009003",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-697",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-10610",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009003",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-697",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"id": "VAR-202007-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.409523815
},
"last_update_date": "2023-12-18T11:21:35.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "CWE-427",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10610"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10610"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"date": "2020-07-24T23:15:11.940000",
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009003"
},
{
"date": "2021-12-21T12:46:15.087000",
"db": "NVD",
"id": "CVE-2020-10610"
},
{
"date": "2021-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural OSIsoft Made PI Vulnerabilities in uncontrolled search path elements in the system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-697"
}
],
"trust": 0.6
}
}