Overview
- Description
- A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- ics-cert@hq.dhs.gov
- CWE-264
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DB7BD82-102C-4102-8786-4C47832B3C79",
"versionEndIncluding": "2017"
},
{
"criteria": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E98E223-7747-483D-B7A9-5DD9BE1B4626"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54E097BD-B6A5-4153-BC11-268AF90588A3"
}
],
"operator": "OR"
}
]
}
]