VAR-201702-0674
Vulnerability from variot - Updated: 2023-12-18 12:29An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20150"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20140"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20130"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "1.0"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 (pi af services 2016 r2 integrated install kit)"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi coresight",
"version": "*"
},
{
"model": "2016-r2",
"scope": null,
"trust": 0.2,
"vendor": "pi web api",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_web_api:2016-r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016-r2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vint Maggs from Savannah River Nuclear Solutions",
"sources": [
{
"db": "BID",
"id": "95355"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5153",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5153",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5153",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5153",
"trust": 3.5
},
{
"db": "BID",
"id": "95355",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264",
"trust": 0.8
},
{
"db": "IVD",
"id": "E7887E65-5724-47C1-8179-E1966E9BF69C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"id": "VAR-201702-0674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
],
"trust": 1.3715278
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
]
},
"last_update_date": "2023-12-18T12:29:50.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.osisoft.com/default.aspx"
},
{
"title": "Patch for OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/95355"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5153"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5153"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01 "
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00312 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-10T00:00:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-02-13T21:59:02.690000",
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-12T00:14:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-03-16T15:27:41.143000",
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…