- Description
- A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- ics-cert@hq.dhs.gov
- CWE-264
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DB7BD82-102C-4102-8786-4C47832B3C79",
"versionEndIncluding": "2017"
},
{
"criteria": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E98E223-7747-483D-B7A9-5DD9BE1B4626"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54E097BD-B6A5-4153-BC11-268AF90588A3"
}
],
"operator": "OR"
}
]
}
]