var-201702-0674
Vulnerability from variot
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi web api",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20150"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20140"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20130"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "20120"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.9,
"vendor": "osisoft",
"version": "1.0"
},
{
"model": "pi coresight",
"scope": "lte",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi web api",
"scope": "eq",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 (pi af services 2016 r2 integrated install kit)"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi coresight",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016-r2"
},
{
"model": "pi web api r2",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi coresight",
"version": "*"
},
{
"model": "2016-r2",
"scope": null,
"trust": 0.2,
"vendor": "pi web api",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osisoft:pi_coresight",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_web_api",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vint Maggs from Savannah River Nuclear Solutions",
"sources": [
{
"db": "BID",
"id": "95355"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5153",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-5153",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5153",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5153",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API Contains an information disclosure vulnerability.Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5153",
"trust": 3.5
},
{
"db": "BID",
"id": "95355",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-00496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-010-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264",
"trust": 0.8
},
{
"db": "IVD",
"id": "E7887E65-5724-47C1-8179-E1966E9BF69C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"id": "VAR-201702-0674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
],
"trust": 1.3715278
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
}
]
},
"last_update_date": "2024-11-23T23:12:33.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.osisoft.com/Default.aspx"
},
{
"title": "Patch for OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/95355"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5153"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5153"
},
{
"trust": 0.3,
"url": "https://www.osisoft.com/default.aspx"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-010-01 "
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00312 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "BID",
"id": "95355"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "IVD",
"id": "e7887e65-5724-47c1-8179-e1966e9bf69c"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-10T00:00:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"date": "2017-02-13T21:59:02.690000",
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"date": "2017-01-12T00:14:00",
"db": "BID",
"id": "95355"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002264"
},
{
"date": "2017-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-177"
},
{
"date": "2024-11-21T03:27:09.733000",
"db": "NVD",
"id": "CVE-2017-5153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00496"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-177"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.