VAR-201708-1404
Vulnerability from variot - Updated: 2023-12-18 12:29
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "2016"
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9653",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9653",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9653",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9653",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586",
"trust": 0.8
},
{
"db": "IVD",
"id": "3C9B8A2F-E383-4F65-A360-5A5A2835FD54",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"id": "VAR-201708-1404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
]
},
"last_update_date": "2023-12-18T12:29:29.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"title": "OSIsoft PI Integrator does not authorize access to the vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100822"
},
{
"title": "OSIsoft PI Integrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99850"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-285",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9653"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9653"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2017-08-14T16:29:00.257000",
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.