VAR-201708-1405
Vulnerability from variot - Updated: 2023-12-18 12:29A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_sap_hana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_microsoft_azure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:osisoft:pi_integrator_for_business_analystics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9655",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-22840",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-9655",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9655",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9655",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178",
"trust": 0.8
},
{
"db": "IVD",
"id": "B736DB0C-4A0D-4B79-A22A-798941A2FF2F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"id": "VAR-201708-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
]
},
"last_update_date": "2023-12-18T12:29:29.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"title": "Patch for OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100819"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9655"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9655"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-08-14T16:29:00.287000",
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-08-23T19:23:02.230000",
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…