Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    127 vulnerabilities by osisoft

    VAR-201606-0252

    Vulnerability from variot - Updated: 2023-12-18 13:39

    OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. The PI AF Server is the core product of the PI System. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0252",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi af server 2016",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.7.0"
          },
          {
            "model": "pi af server 2016",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2.8.0"
          },
          {
            "model": "pi af server",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2.8.0"
          },
          {
            "model": "pi af server 2016",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2.7.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi af server 2016",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_af_server_2016:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "91194"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-4518",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-4518",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-04194",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "1d152233-c874-4f21-b459-78399664c0b1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-4518",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-4518",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04194",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-309",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "1d152233-c874-4f21-b459-78399664c0b1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. The PI AF Server is the core product of the PI System. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "BID",
            "id": "91194"
          },
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4518",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-166-02",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "91194",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "1D152233-C874-4F21-B459-78399664C0B1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "BID",
            "id": "91194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "id": "VAR-201606-0252",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:39:10.856000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OSIsoft Releases Security Update in PI AF Server 2016",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00301"
          },
          {
            "title": "OSIsoft PI AF Server Denial of Service Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/77857"
          },
          {
            "title": "OSIsoft PI AF Server Remediation measures for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62259"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-166-02"
          },
          {
            "trust": 1.6,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00301"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4518"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4518"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "BID",
            "id": "91194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "date": "2016-05-10T00:00:00",
            "db": "BID",
            "id": "91194"
          },
          {
            "date": "2016-06-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "date": "2016-06-19T20:59:13.393000",
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "date": "2016-05-10T00:00:00",
            "db": "BID",
            "id": "91194"
          },
          {
            "date": "2016-06-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003306"
          },
          {
            "date": "2016-06-21T22:49:44.147000",
            "db": "NVD",
            "id": "CVE-2016-4518"
          },
          {
            "date": "2016-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI AF Server Denial of service vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation",
        "sources": [
          {
            "db": "IVD",
            "id": "1d152233-c874-4f21-b459-78399664c0b1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-309"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202006-0319

    Vulnerability from variot - Updated: 2023-12-18 13:37

    In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. PI Web API Is PI System Used when accessing RESTful The interface. This product supports client applications to read and write access to its AF and PI data via HTTPS

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0319",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2019"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2019"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2019 patch 1 (1.12.0.6346)"
          },
          {
            "model": "pi web api patch",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=20191(1.12.0.6346)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2019",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2019:patch_1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          }
        ]
      },
      "cve": "CVE-2020-12021",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-51561",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "None",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005435",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12021",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-005435",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-51561",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-921",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. PI Web API Is PI System Used when accessing RESTful The interface. This product supports client applications to read and write access to its AF and PI data via HTTPS",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12021",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-163-01",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU92610962",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47160",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2064",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "id": "VAR-202006-0319",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:37:48Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "PI Web API",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/documentation/pi-web-api/help.html"
          },
          {
            "title": "Patch for OSIsoft PI Web API cross-site scripting vulnerability (CNVD-2020-51561)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/233590"
          },
          {
            "title": "OSIsoft PI Web API Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122995"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12021"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92610962/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47160"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12021"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2064/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "date": "2020-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "date": "2020-06-23T22:15:13.980000",
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "date": "2020-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-51561"
          },
          {
            "date": "2020-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          },
          {
            "date": "2020-07-02T18:34:50.563000",
            "db": "NVD",
            "id": "CVE-2020-12021"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft Made  PI Web API 2019 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005435"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-921"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1388

    Vulnerability from variot - Updated: 2023-12-18 13:29

    A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. OSIsoft PI Web API is a product for accessing PI system data. The program failed to properly validate the HTTP request. An attacker could exploit the vulnerability to perform certain unauthorized operations and access the affected application. Other attacks are also possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1388",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "1.8"
          },
          {
            "model": "pi web api",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017 (1.9.0)"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "20171.9.0"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20161.7.0.176"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20151.5.1"
          },
          {
            "model": "pi web api",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20171.9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi web api",
            "version": "1.8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "BID",
            "id": "99058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:1.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "99058"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7926",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-7926",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-16356",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7926",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7926",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-16356",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1044",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. OSIsoft PI Web API is a product for accessing PI system data. The program failed to properly validate the HTTP request. An attacker could exploit the vulnerability to perform certain unauthorized operations and access the affected application. Other attacks are also possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "BID",
            "id": "99058"
          },
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7926",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-03",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99058",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E1BB21C8-8650-4E7F-A184-0A29A764DF9F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "BID",
            "id": "99058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "id": "VAR-201708-1388",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          }
        ],
        "trust": 1.3875000000000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:29:10.880000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00316 - OSIsoft releases security update in PI Web API 2017 for CSRF vulnerability",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00316"
          },
          {
            "title": "Patch for OSIsoft PI Web API Cross-Site Request Forgery Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/98751"
          },
          {
            "title": "OSIsoft PI Web API Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99753"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-03"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99058"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7926"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7926"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00316"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "BID",
            "id": "99058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "BID",
            "id": "99058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99058"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "date": "2017-08-25T19:29:00.300000",
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99058"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007335"
          },
          {
            "date": "2019-10-09T23:29:59.187000",
            "db": "NVD",
            "id": "CVE-2017-7926"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e1bb21c8-8650-4e7f-a184-0a29a764df9f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1044"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2222

    Vulnerability from variot - Updated: 2023-12-18 13:28

    An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2222",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi data archive r2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "2017"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "103399"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7533",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-7533",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-05302",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "e2e59b81-39ab-11e9-a837-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7533",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7533",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05302",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-453",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2e59b81-39ab-11e9-a837-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7533",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103399",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E59B81-39AB-11E9-A837-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "id": "VAR-201803-2222",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          }
        ],
        "trust": 1.2761904800000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:58.608000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Data Archive Privilege Escalation Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121505"
          },
          {
            "title": "OSIsoft PI Data Archive Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79103"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-275",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103399"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7533"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7533"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "IVD",
            "id": "e2e59b81-39ab-11e9-a837-000c29342cb1"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "date": "2018-03-14T18:29:00.780000",
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05302"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          },
          {
            "date": "2019-10-09T23:42:23.970000",
            "db": "NVD",
            "id": "CVE-2018-7533"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Data Archive Permissions vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003017"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-453"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2219

    Vulnerability from variot - Updated: 2023-12-18 13:28

    A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2219",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi data archive r2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "data archive",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "103399"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7529",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7529",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05303",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2e59b80-39ab-11e9-b243-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7529",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7529",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05303",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-455",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2e59b80-39ab-11e9-b243-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7529",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103399",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E59B80-39AB-11E9-B243-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "id": "VAR-201803-2219",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          }
        ],
        "trust": 1.41309524
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:58.569000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121507"
          },
          {
            "title": "OSIsoft PI Data Archive Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79105"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103399"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7529"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7529"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "date": "2018-03-14T18:29:00.670000",
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05303"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          },
          {
            "date": "2019-10-09T23:42:23.503000",
            "db": "NVD",
            "id": "CVE-2018-7529"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Data Archive Vulnerable to unreliable data deserialization",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003015"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b80-39ab-11e9-b243-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-455"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201803-2220

    Vulnerability from variot - Updated: 2023-12-18 13:28

    An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2220",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi data archive r2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "2017"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "103399"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7531",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7531",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-05301",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7531",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7531",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05301",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-454",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7531",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103399",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E59B82-39AB-11E9-9DFB-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "id": "VAR-201803-2220",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          }
        ],
        "trust": 1.2761904800000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:58.535000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "OSIsoft PI Data Archive patch for denial of service vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121503"
          },
          {
            "title": "OSIsoft PI Data Archive Enter the fix for the verification vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79104"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103399"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7531"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7531"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "date": "2018-03-14T18:29:00.733000",
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05301"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103399"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "date": "2019-10-09T23:42:23.720000",
            "db": "NVD",
            "id": "CVE-2018-7531"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Data Archive Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e59b82-39ab-11e9-9dfb-000c29342cb1"
          },
          {
            "db": "BID",
            "id": "103399"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-454"
          }
        ],
        "trust": 1.1
      }
    }

    VAR-201804-0079

    Vulnerability from variot - Updated: 2023-12-18 13:28

    OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0079",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi sdk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.4.6"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "4.5.0"
          },
          {
            "model": "pi data archive",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.4.400.1162"
          },
          {
            "model": "pi af client",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.8.0"
          },
          {
            "model": "pi af client",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 2.8.0"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "4.4 and less"
          },
          {
            "model": "pi data archive",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2015 3.4.395.64"
          },
          {
            "model": "pi sdk",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 1.4.6"
          },
          {
            "model": "pi af client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016(2.8.0)"
          },
          {
            "model": "pi software development kit",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016(1.4.6)"
          },
          {
            "model": "pi data archive",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016(3.4.400.1162)"
          },
          {
            "model": "pi sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "4.4"
          },
          {
            "model": "pi af client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi sdk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20161.4.6"
          },
          {
            "model": "pi data archive",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20163.4.400.1162"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "4.5"
          },
          {
            "model": "pi af client",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20162.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi af client",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi buffer subsystem",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi sdk",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_af_client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_sdk:*:*:*:*:2016:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.4.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:2016:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.4.400.1162",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8365",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 2.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-8365",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2016-11094",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-8365",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-8365",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11094",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-316",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8365",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "94165",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "87D38CA7-2043-4E29-9C00-8DBD6630ADD8",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "id": "VAR-201804-0079",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          }
        ],
        "trust": 1.5003968266666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:58.049000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OSIsoft Releases Security Updates for Core Networking Component in PI System 2016",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00308"
          },
          {
            "title": "OSIsoft PI System Local Denial of Service Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/83850"
          },
          {
            "title": "OSIsoft PI System Fixes for local denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65684"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ics-vu-313-03"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/94165"
          },
          {
            "trust": 1.9,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00308"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8365"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8365"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-15T00:00:00",
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "date": "2016-11-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "date": "2016-11-08T00:00:00",
            "db": "BID",
            "id": "94165"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "date": "2018-04-03T14:29:00.247000",
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "date": "2016-11-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          },
          {
            "date": "2016-11-24T01:08:00",
            "db": "BID",
            "id": "94165"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009008"
          },
          {
            "date": "2019-10-09T23:19:57.193000",
            "db": "NVD",
            "id": "CVE-2016-8365"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "94165"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI System Local Denial of Service Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11094"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "87d38ca7-2043-4e29-9c00-8dbd6630add8"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-316"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201904-0718

    Vulnerability from variot - Updated: 2023-12-18 13:18

    OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. OSIsoft PI Vision 2017 and PI Vision 2017 R2 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0718",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017 r2"
          },
          {
            "model": "pi vision r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision r2 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft reported this vulnerability to NCCIC.,The vendor reported these issues.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-19006",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19006",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-19006",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19006",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201902-527",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nOSIsoft PI Vision 2017 and PI Vision 2017 R2 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "BID",
            "id": "107002"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-19-043-01",
            "trust": 2.7
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "107002",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "id": "VAR-201904-0718",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T13:18:47.937000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "OSIsoft PI Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89338"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19006"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19006"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/107002"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "107002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-12T00:00:00",
            "db": "BID",
            "id": "107002"
          },
          {
            "date": "2019-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "date": "2019-04-08T15:29:00.763000",
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "date": "2019-02-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-12T00:00:00",
            "db": "BID",
            "id": "107002"
          },
          {
            "date": "2019-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          },
          {
            "date": "2019-10-09T23:37:35.410000",
            "db": "NVD",
            "id": "CVE-2018-19006"
          },
          {
            "date": "2019-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Vision Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015233"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-527"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1506

    Vulnerability from variot - Updated: 2023-12-18 13:18

    A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. OSIsoft of OSIsoft PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1506",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2020"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2020"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2020",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          }
        ]
      },
      "cve": "CVE-2020-25163",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2020-25163",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "impactScore": 5.8,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-25163",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-25163",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-25163",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-847",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-25163",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim\u2019s user permissions. OSIsoft of OSIsoft PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25163"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25163",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-315-02",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU97890337",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4027",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25163",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "id": "VAR-202011-1506",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T13:18:02.749000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OSIsoft PI Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133829"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97890337/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25163"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4027/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2020-25163/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "date": "2023-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "date": "2022-04-18T17:15:12.230000",
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "date": "2020-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25163"
          },
          {
            "date": "2023-07-27T08:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          },
          {
            "date": "2022-04-27T03:21:59.283000",
            "db": "NVD",
            "id": "CVE-2020-25163"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft\u00a0 of \u00a0OSIsoft\u00a0PI\u00a0Vision\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017700"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-847"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1507

    Vulnerability from variot - Updated: 2023-12-18 13:18

    OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft of OSIsoft PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1507",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.5.0"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "3.5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          }
        ]
      },
      "cve": "CVE-2020-25167",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2020-25167",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-25167",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-25167",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-25167",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-844",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-25167",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. OSIsoft of OSIsoft PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25167"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25167",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-315-02",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU97890337",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4027",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25167",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "id": "VAR-202011-1507",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T13:18:02.725000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cisco ASR 9000 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133827"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "Illegal authentication (CWE-863) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25167"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97890337/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2020-25167/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4027/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/863.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "date": "2023-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "date": "2022-04-18T17:15:12.300000",
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "date": "2020-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25167"
          },
          {
            "date": "2023-07-27T08:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          },
          {
            "date": "2022-04-26T19:17:47.363000",
            "db": "NVD",
            "id": "CVE-2020-25167"
          },
          {
            "date": "2022-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft\u00a0 of \u00a0OSIsoft\u00a0PI\u00a0Vision\u00a0 Fraud related to unauthorized authentication in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-017699"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-844"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2205

    Vulnerability from variot - Updated: 2023-12-18 13:08

    A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017 r2"
          },
          {
            "model": "pi web api r2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi web api r2 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi vision r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20171"
          },
          {
            "model": "pi af services r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "201710"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi web api",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi web api",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi vision",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "103396"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7508",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7508",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-05300",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-7508",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7508",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05300",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-456",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7508",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-04",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103396",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E5C28F-39AB-11E9-AA1F-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "id": "VAR-201803-2205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          }
        ],
        "trust": 1.29638158
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:08:31.968000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Web API Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121499"
          },
          {
            "title": "OSIsoft PI Web API Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79106"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-04"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103396"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7508"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7508"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103396"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "date": "2018-03-14T18:29:00.607000",
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103396"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003014"
          },
          {
            "date": "2019-10-09T23:42:20.817000",
            "db": "NVD",
            "id": "CVE-2018-7508"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5c28f-39ab-11e9-aa1f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-456"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2202

    Vulnerability from variot - Updated: 2023-12-18 13:08

    A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. OSIsoft PI Web API Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product for accessing PI system data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017 r2"
          },
          {
            "model": "pi web api r2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi web api r2 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi vision r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20171"
          },
          {
            "model": "pi af services r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "201710"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi web api",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi web api",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi vision",
            "version": "2017"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "103396"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7500",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7500",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05299",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7500",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7500",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05299",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-458",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. OSIsoft PI Web API Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product for accessing PI system data. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7500",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-04",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103396",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E5E9A2-39AB-11E9-B8D3-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "id": "VAR-201803-2202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          }
        ],
        "trust": 1.29638158
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:08:31.933000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Web API Privilege Escalation Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121497"
          },
          {
            "title": "OSIsoft PI Web API Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79108"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-04"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103396"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7500"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7500"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "db": "BID",
            "id": "103396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "IVD",
            "id": "e2e5e9a2-39ab-11e9-b8d3-000c29342cb1"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103396"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "date": "2018-03-14T18:29:00.500000",
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05299"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103396"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          },
          {
            "date": "2019-10-09T23:42:20.003000",
            "db": "NVD",
            "id": "CVE-2018-7500"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-458"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2176

    Vulnerability from variot - Updated: 2023-12-18 12:50

    An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi vision r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20171"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi vision",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "103390"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7496",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7496",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05315",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-7496",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7496",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05315",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-459",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. \nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7496",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103390",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E65ED1-39AB-11E9-9398-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "id": "VAR-201803-2176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          }
        ],
        "trust": 1.2052631600000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:48.778000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "OSIsoft PI Vision Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121513"
          },
          {
            "title": "OSIsoft PI Vision Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79109"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103390"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7496"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7496"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103390"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "date": "2018-03-14T18:29:00.453000",
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103390"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003011"
          },
          {
            "date": "2019-10-09T23:42:19.457000",
            "db": "NVD",
            "id": "CVE-2018-7496"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Vision Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e65ed1-39ab-11e9-9398-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-459"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2204

    Vulnerability from variot - Updated: 2023-12-18 12:50

    A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. OSIsoft PI Vision Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2204",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi vision",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi vision r2 update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20171"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2017",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "103390"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7504",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7504",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05312",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-7504",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7504",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05312",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-457",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. OSIsoft PI Vision Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PI Vision is the leading visualization tool for fast, easy and secure access to all PI SystemTM data. \nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7504",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-072-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103390",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E610B0-39AB-11E9-9D94-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "id": "VAR-201803-2204",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          }
        ],
        "trust": 1.2052631600000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:48.375000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Vision Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/121517"
          },
          {
            "title": "OSIsoft PI Vision Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79107"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-072-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103390"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7504"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7504"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "BID",
            "id": "103390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103390"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "date": "2018-03-14T18:29:00.560000",
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "BID",
            "id": "103390"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003013"
          },
          {
            "date": "2019-10-09T23:42:20.457000",
            "db": "NVD",
            "id": "CVE-2018-7504"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Vision Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e610b0-39ab-11e9-9d94-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05312"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-457"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201805-0354

    Vulnerability from variot - Updated: 2023-12-18 12:50

    PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. Other attacks are also possible. OSIsoft PI Coresight 2016 R2 and earlier are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0354",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi coresight",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2016-r2"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2"
          },
          {
            "model": "pi coresight r2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2016"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016-r2"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi coresight r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi coresight",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi coresight",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "BID",
            "id": "99540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2016-r2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "99540"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-9641",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-9641",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22990",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "17776aa1-0392-4099-bd01-a030c287a2fd",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-9641",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9641",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22990",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-862",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "17776aa1-0392-4099-bd01-a030c287a2fd",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. Other attacks are also possible. \nOSIsoft PI Coresight 2016 R2 and earlier are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "BID",
            "id": "99540"
          },
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9641",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-192-04",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "99540",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "17776AA1-0392-4099-BD01-A030C287A2FD",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "BID",
            "id": "99540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "id": "VAR-201805-0354",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          }
        ],
        "trust": 1.4527778
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:46.393000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00320",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00320"
          },
          {
            "title": "Patch for OSIsoft PI Coresight Cross-Site Request Forgery Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/100862"
          },
          {
            "title": "OSIsoft PI Coresight Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99871"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-04"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99540"
          },
          {
            "trust": 1.6,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00320"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9641"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9641"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "BID",
            "id": "99540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "BID",
            "id": "99540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99540"
          },
          {
            "date": "2018-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "date": "2018-05-25T15:29:00.210000",
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "BID",
            "id": "99540"
          },
          {
            "date": "2018-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013472"
          },
          {
            "date": "2019-10-09T23:30:45.440000",
            "db": "NVD",
            "id": "CVE-2017-9641"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Coresight Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "17776aa1-0392-4099-bd01-a030c287a2fd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-862"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0300

    Vulnerability from variot - Updated: 2023-12-18 12:44

    An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. OSIsoft is the world's leading provider of real-time performance management software (RtPM ™) suites. Unauthenticated attackers can use this vulnerability to access affected devices. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0300",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api 2015 r2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "1.5.1"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20151.5.1"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2015 r2 1.5.1"
          },
          {
            "model": "pi web api",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20161.7.0.176"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "BID",
            "id": "93552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api_2015_r2:1.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "93552"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-8353",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-8353",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-09864",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.1,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-8353",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-8353",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-09864",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201610-866",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. OSIsoft is the world\u0027s leading provider of real-time performance management software (RtPM \u2122) suites. Unauthenticated attackers can use this vulnerability to access affected devices. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "BID",
            "id": "93552"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8353",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-287-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "93552",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "BID",
            "id": "93552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "id": "VAR-201702-0300",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5875
      },
      "last_update_date": "2023-12-18T12:44:42.285000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/default.aspx"
          },
          {
            "title": "Patch for OSIsoft PI Web API Account Permission Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/82859"
          },
          {
            "title": "OSIsoft PI Web API Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65187"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/93552"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8353"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8353"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/93552/discuss"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "BID",
            "id": "93552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "db": "BID",
            "id": "93552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "date": "2016-10-13T00:00:00",
            "db": "BID",
            "id": "93552"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "date": "2017-02-13T21:59:00.813000",
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "date": "2016-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-09864"
          },
          {
            "date": "2016-10-26T09:08:00",
            "db": "BID",
            "id": "93552"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          },
          {
            "date": "2017-03-14T14:07:20.497000",
            "db": "NVD",
            "id": "CVE-2016-8353"
          },
          {
            "date": "2016-11-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API Without proper authority in  PI Vulnerability accessing system",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007984"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-866"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1090

    Vulnerability from variot - Updated: 2023-12-18 12:34

    A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1090",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2021"
          },
          {
            "model": "pi vision",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2021",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          }
        ]
      },
      "cve": "CVE-2021-43551",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-43551",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-43551",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-43551",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2021-43551",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1555",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim\u0027s user permissions. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43551",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-313-05",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "id": "VAR-202111-1090",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T12:34:48.301000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "OSIsoft PI Vision Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170702"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43551"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-313-05"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "date": "2021-11-17T19:15:09.100000",
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "date": "2021-11-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-14T07:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          },
          {
            "date": "2022-04-12T18:06:07.447000",
            "db": "NVD",
            "id": "CVE-2021-43551"
          },
          {
            "date": "2021-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI\u00a0Vision\u00a0 Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015242"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1555"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1089

    Vulnerability from variot - Updated: 2023-12-18 12:34

    PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1089",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2021"
          },
          {
            "model": "pi vision",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2021",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          }
        ]
      },
      "cve": "CVE-2021-43553",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2021-43553",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-43553",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-43553",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2021-43553",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1554",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. PI Vision Exists in a fraudulent authentication vulnerability.Information may be obtained",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43553",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-313-05",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "id": "VAR-202111-1089",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T12:34:48.276000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "OSIsoft PI Vision Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170701"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43553"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-313-05"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "date": "2021-11-17T19:15:09.160000",
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "date": "2021-11-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-14T07:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          },
          {
            "date": "2021-11-19T19:00:31.003000",
            "db": "NVD",
            "id": "CVE-2021-43553"
          },
          {
            "date": "2021-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI\u00a0Vision\u00a0 Fraud related to unauthorized authentication in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015241"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1554"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0674

    Vulnerability from variot - Updated: 2023-12-18 12:29

    An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0674",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2016-r2"
          },
          {
            "model": "pi coresight",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2016-r2"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20150"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20140"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20130"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "osisoft",
            "version": "1.0"
          },
          {
            "model": "pi coresight",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2"
          },
          {
            "model": "pi web api",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2 (pi af services 2016 r2 integrated install kit)"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi coresight",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016-r2"
          },
          {
            "model": "pi web api r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi coresight",
            "version": "*"
          },
          {
            "model": "2016-r2",
            "scope": null,
            "trust": 0.2,
            "vendor": "pi web api",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2016-r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2016-r2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vint Maggs from Savannah River Nuclear Solutions",
        "sources": [
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-5153",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-5153",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-00496",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-5153",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-5153",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-00496",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201701-177",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5153",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "95355",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-010-01",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-010-01A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E7887E65-5724-47C1-8179-E1966E9BF69C",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "id": "VAR-201702-0674",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          }
        ],
        "trust": 1.3715278
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:29:50.269000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.osisoft.com/default.aspx"
          },
          {
            "title": "Patch for OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/88081"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-532",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/95355"
          },
          {
            "trust": 1.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5153"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01a"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5153"
          },
          {
            "trust": 0.3,
            "url": "https://www.osisoft.com/default.aspx"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01 "
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00312 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "BID",
            "id": "95355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-01-17T00:00:00",
            "db": "IVD",
            "id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
          },
          {
            "date": "2017-01-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "date": "2017-01-10T00:00:00",
            "db": "BID",
            "id": "95355"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "date": "2017-02-13T21:59:02.690000",
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "date": "2017-01-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-01-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "date": "2017-01-12T00:14:00",
            "db": "BID",
            "id": "95355"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002264"
          },
          {
            "date": "2017-03-16T15:27:41.143000",
            "db": "NVD",
            "id": "CVE-2017-5153"
          },
          {
            "date": "2017-01-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-00496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-177"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1405

    Vulnerability from variot - Updated: 2023-12-18 12:29

    A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1405",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi integrator for sap hana",
            "scope": "lt",
            "trust": 1.4,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for business analystics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for business analytics",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2 sp1"
          },
          {
            "model": "pi integrator for business analytics r2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for microsoft azure r2 sp1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for business analystics",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi integrator for business analytics and sap hana sql utility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for business analytics 2016-business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "0"
          },
          {
            "model": "pi integrator for business analytics data warehouse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2016-0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for business analystics",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for microsoft azure",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for sap hana",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2016",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2016",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2016",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "100212"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-9655",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-9655",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2017-22840",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-9655",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9655",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22840",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-582",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9655",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-220-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "100212",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B736DB0C-4A0D-4B79-A22A-798941A2FF2F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "id": "VAR-201708-1405",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          }
        ],
        "trust": 1.45132275
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:29:29.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
          },
          {
            "title": "Patch for OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/100819"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
          },
          {
            "trust": 1.9,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/100212"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9655"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9655"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com/products/pi-integrators/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "date": "2017-08-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "BID",
            "id": "100212"
          },
          {
            "date": "2017-09-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "date": "2017-08-14T16:29:00.287000",
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "date": "2017-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "BID",
            "id": "100212"
          },
          {
            "date": "2017-09-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007178"
          },
          {
            "date": "2017-08-23T19:23:02.230000",
            "db": "NVD",
            "id": "CVE-2017-9655"
          },
          {
            "date": "2017-08-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-582"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1404

    Vulnerability from variot - Updated: 2023-12-18 12:29

    An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1404",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi integrator for business analystics",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "lt",
            "trust": 1.4,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi integrator for business analytics",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2016 r2 sp1"
          },
          {
            "model": "pi integrator for business analytics r2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for microsoft azure r2 sp1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for sap hana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi integrator for microsoft azure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20160"
          },
          {
            "model": "pi integrator for business analytics and sap hana sql utility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2016"
          },
          {
            "model": "pi integrator for business analytics 2016-business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "0"
          },
          {
            "model": "pi integrator for business analytics data warehouse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2016-0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for business analystics",
            "version": "2016"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for microsoft azure",
            "version": "2016"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi integrator for sap hana",
            "version": "2016"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:2016:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:2016:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:2016:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft",
        "sources": [
          {
            "db": "BID",
            "id": "100212"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-9653",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-9653",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22841",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-9653",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9653",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22841",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-584",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9653",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-220-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "100212",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "3C9B8A2F-E383-4F65-A360-5A5A2835FD54",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "id": "VAR-201708-1404",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          }
        ],
        "trust": 1.45132275
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:29:29.830000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
          },
          {
            "title": "OSIsoft PI Integrator does not authorize access to the vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/100822"
          },
          {
            "title": "OSIsoft PI Integrator Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99850"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-285",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
          },
          {
            "trust": 1.9,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/100212"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9653"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9653"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com/products/pi-integrators/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "db": "BID",
            "id": "100212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "BID",
            "id": "100212"
          },
          {
            "date": "2017-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "date": "2017-08-14T16:29:00.257000",
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "date": "2017-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "BID",
            "id": "100212"
          },
          {
            "date": "2017-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007586"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-9653"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Integrator Unauthorized Access Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22841"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-584"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0867

    Vulnerability from variot - Updated: 2023-12-18 12:28

    OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Attackers can use this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0867",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2018"
          },
          {
            "model": "pi web api",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2018"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2018",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          }
        ]
      },
      "cve": "CVE-2019-13515",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-13515",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-27464",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-13515",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-13515",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-27464",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-933",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-13515",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Attackers can use this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13515",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-225-02",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "id": "VAR-201908-0867",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:28:00.178000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          },
          {
            "title": "Patch for OSIsoft PI Web API information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/175567"
          },
          {
            "title": "OSIsoft PI Web API Repair measures for log information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96617"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-532",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13515"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13515"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3105/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/532.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "date": "2019-08-15T19:15:11.233000",
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-27464"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13515"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          },
          {
            "date": "2019-10-09T23:46:31.297000",
            "db": "NVD",
            "id": "CVE-2019-13515"
          },
          {
            "date": "2019-08-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Web API Vulnerable to information disclosure from log files",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008304"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "log information leak",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-933"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1390

    Vulnerability from variot - Updated: 2023-12-18 12:19

    An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1390",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.4.410.1256"
          },
          {
            "model": "pi data archive",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "3.4.410.1256"
          },
          {
            "model": "pi server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20163.4.400.1162"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20153.4.395.64"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi data archive",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.4.410.1256",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "99059"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7930",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-7930",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-16357",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "b62dbca6-8c59-468d-99f3-000e688d6797",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7930",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7930",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-16357",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-930",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b62dbca6-8c59-468d-99f3-000e688d6797",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7930",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99059",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B62DBCA6-8C59-468D-99F3-000E688D6797",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "id": "VAR-201708-1390",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          }
        ],
        "trust": 1.2761904800000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:19:33.968000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00315 - OSIsoft releases security updates in PI Server 2017",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00315"
          },
          {
            "title": "OSIsoft PI Server authentication bypasses the patch for the vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/98749"
          },
          {
            "title": "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99745"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99059"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7930"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7930"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99059"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "date": "2017-08-25T19:29:00.333000",
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "date": "2017-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99059"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007336"
          },
          {
            "date": "2019-10-09T23:29:59.970000",
            "db": "NVD",
            "id": "CVE-2017-7930"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Server Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b62dbca6-8c59-468d-99f3-000e688d6797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16357"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-930"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1392

    Vulnerability from variot - Updated: 2023-12-18 12:19

    An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1392",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.4.410.1256"
          },
          {
            "model": "pi data archive",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2017"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "3.4.410.1256"
          },
          {
            "model": "pi server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20170"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20163.4.400.1162"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20153.4.395.64"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "20120"
          },
          {
            "model": "pi data archive",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "osisoft",
            "version": "2017"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pi data archive",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.4.410.1256",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "99059"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7934",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-7934",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-16358",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-7934",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7934",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-16358",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-926",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7934",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99059",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "10CF70CA-8BF0-47ED-BE97-F716CDFEA1B0",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "id": "VAR-201708-1392",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          }
        ],
        "trust": 1.2761904800000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:19:33.929000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AL00315 - OSIsoft releases security updates in PI Server 2017",
            "trust": 0.8,
            "url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00315"
          },
          {
            "title": "Patch for OSIsoft PI Server Authentication Bypass Vulnerability (CNVD-2017-16358)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/98750"
          },
          {
            "title": "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99741"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99059"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7934"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7934"
          },
          {
            "trust": 0.3,
            "url": "https://techsupport.osisoft.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "db": "BID",
            "id": "99059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "IVD",
            "id": "10cf70ca-8bf0-47ed-be97-f716cdfea1b0"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99059"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "date": "2017-08-25T19:29:00.380000",
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "date": "2017-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-16358"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99059"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          },
          {
            "date": "2019-10-09T23:30:00.890000",
            "db": "NVD",
            "id": "CVE-2017-7934"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Server 2017 PI Data Archive Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007337"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-926"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0021

    Vulnerability from variot - Updated: 2023-12-18 11:43

    An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0021",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi vision",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "osisoft",
            "version": "2019"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_vision:2019:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          }
        ]
      },
      "cve": "CVE-2020-10643",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008997",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008997",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10643",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-10643",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008997",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-1558",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. PI Vision Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "id": "VAR-202007-0021",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.40526316
      },
      "last_update_date": "2023-12-18T11:43:18.349000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10643"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "date": "2020-07-27T22:15:12.077000",
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "date": "2020-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          },
          {
            "date": "2020-08-05T18:32:11.990000",
            "db": "NVD",
            "id": "CVE-2020-10643"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI Vision Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008997"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1558"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0028

    Vulnerability from variot - Updated: 2023-12-18 11:41

    In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0028",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "osisoft",
            "version": "2018"
          },
          {
            "model": "pi data archive",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data archive sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2018"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2018:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:2018:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          }
        ]
      },
      "cve": "CVE-2020-10604",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009000",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-52466",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009000",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10604",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009000",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52466",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-687",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10604",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU94872807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "id": "VAR-202007-0028",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          }
        ],
        "trust": 1.33809524
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:41:57.510000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-755",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10604"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10604"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94872807/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "date": "2020-07-25T00:15:12.047000",
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52466"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          },
          {
            "date": "2022-10-21T17:16:47.677000",
            "db": "NVD",
            "id": "CVE-2020-10604"
          },
          {
            "date": "2020-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Data Archive Vulnerability in handling exceptional conditions in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009000"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-687"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0023

    Vulnerability from variot - Updated: 2023-12-18 11:30

    In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data.

    OSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0023",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "data archive",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "pi",
            "version": "2018"
          },
          {
            "model": "pi data archive",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2018"
          },
          {
            "model": "pi data archive sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "2018"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:pi:data_archive:2018:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pi:data_archive:2018:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          }
        ]
      },
      "cve": "CVE-2020-10602",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008999",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-52465",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008999",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10602",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008999",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52465",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-684",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data. \n\r\n\r\nOSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10602",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU94872807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "id": "VAR-202007-0023",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          }
        ],
        "trust": 1.3420634933333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:30:42.525000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10602"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10602"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94872807/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "date": "2020-07-24T23:15:11.753000",
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52465"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          },
          {
            "date": "2020-08-05T17:44:12.463000",
            "db": "NVD",
            "id": "CVE-2020-10602"
          },
          {
            "date": "2020-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OSIsoft PI Data Archive In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008999"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-684"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0022

    Vulnerability from variot - Updated: 2023-12-18 11:26

    An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0022",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2019"
          },
          {
            "model": "pi data archive",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "osisoft",
            "version": "2018 sp2"
          },
          {
            "model": "pi data archive sp2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "osisoft",
            "version": "\u003c=2018"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2019",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          }
        ]
      },
      "cve": "CVE-2020-10600",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.9,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008998",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-52464",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008998",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10600",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-10600",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008998",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52464",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-677",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU94872807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "id": "VAR-202007-0022",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          }
        ],
        "trust": 1.33809524
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:26:49.514000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10600"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10600"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94872807/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "date": "2020-07-24T23:15:11.690000",
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52464"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          },
          {
            "date": "2020-08-05T17:39:30.420000",
            "db": "NVD",
            "id": "CVE-2020-10600"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PI Data Archive In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008998"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-677"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0030

    Vulnerability from variot - Updated: 2023-12-18 11:23

    In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0030",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data collection manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.5.19.0"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "4.8.0.18"
          },
          {
            "model": "pi api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.0.2.5"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.0.0.54"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.4.0.17"
          },
          {
            "model": "pi api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.6.8.26"
          },
          {
            "model": "pi integrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.2.0.183"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.0.6"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.4.430.460"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.2.79"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.1.0.10"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.0.42"
          },
          {
            "model": "pi to ocs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.1.36.0"
          },
          {
            "model": "pi connector relay",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.5.19.0"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.1.71"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.5.0.88"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.0.1"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.0.130"
          },
          {
            "model": "pi interface configuration utility",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.5.0.7"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.1.135"
          },
          {
            "model": "pi api",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi buffer subsystem",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi connector",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi connector relay",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data archive",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data collection manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi integrator for business analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi interface configuration utility",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi to ocs",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6.8.26",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.2.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.8.0.18",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.0.54",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.0.10",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.0.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.0.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1.71",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.2.79",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.0.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.0.130",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.1.135",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4.0.17",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.0.88",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.5.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.4.430.460",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.5.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2.0.183",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.0.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.36.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          }
        ]
      },
      "cve": "CVE-2020-10606",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009001",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10606",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009001",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10606",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009001",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-689",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10606",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10606"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU94872807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10606",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "id": "VAR-202007-0030",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.409523815
      },
      "last_update_date": "2023-12-18T11:23:58.459000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-276",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10606"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10606"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94872807/"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/276.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "date": "2020-07-24T23:15:11.830000",
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10606"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          },
          {
            "date": "2020-08-05T17:57:44.737000",
            "db": "NVD",
            "id": "CVE-2020-10606"
          },
          {
            "date": "2020-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  OSIsoft Made  PI Vulnerability in improper default permissions on system",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009001"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-689"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0033

    Vulnerability from variot - Updated: 2023-12-18 11:21

    In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0033",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pi data collection manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.5.19.0"
          },
          {
            "model": "pi buffer subsystem",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "4.8.0.18"
          },
          {
            "model": "pi api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.0.2.5"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.0.0.54"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.4.0.17"
          },
          {
            "model": "pi api",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.6.8.26"
          },
          {
            "model": "pi integrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.2.0.183"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.0.6"
          },
          {
            "model": "pi data archive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "3.4.430.460"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.2.79"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.1.0.10"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.0.42"
          },
          {
            "model": "pi to ocs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.1.36.0"
          },
          {
            "model": "pi connector relay",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "2.5.19.0"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.2.1.71"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.5.0.88"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.0.1"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.0.130"
          },
          {
            "model": "pi interface configuration utility",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.5.0.7"
          },
          {
            "model": "pi connector",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "osisoft",
            "version": "1.3.1.135"
          },
          {
            "model": "pi api",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi buffer subsystem",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi connector",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi connector relay",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data archive",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi data collection manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi integrator for business analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi interface configuration utility",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          },
          {
            "model": "pi to ocs",
            "scope": null,
            "trust": 0.8,
            "vendor": "osisoft",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6.8.26",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.2.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.8.0.18",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.0.54",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.0.10",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.0.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.0.42",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1.71",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.2.79",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.0.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.0.130",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.1.135",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4.0.17",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.0.88",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.5.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.4.430.460",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.5.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2.0.183",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.0.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.36.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          }
        ]
      },
      "cve": "CVE-2020-10610",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009003",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009003",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10610",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009003",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-697",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-133-02",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU94872807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "id": "VAR-202007-0033",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.409523815
      },
      "last_update_date": "2023-12-18T11:21:35.951000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.osisoft.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-426",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-427",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10610"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10610"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94872807/"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "date": "2020-07-24T23:15:11.940000",
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          },
          {
            "date": "2021-12-21T12:46:15.087000",
            "db": "NVD",
            "id": "CVE-2020-10610"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  OSIsoft Made  PI Vulnerabilities in uncontrolled search path elements in the system",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009003"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-697"
          }
        ],
        "trust": 0.6
      }
    }