CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8365
https://notcve.org/view.php?id=CVE-2016-8365
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) El software OSIsoft PI System, en aplicaciones que emplean PI Asset Framework (AF) Client en versiones anteriores a PI AF Client 2016 2.8.0; aplicaciones que emplean PI Software Development Kit (SDK) en versiones anteriores a PI SDK 2016 1.4.6; PI Buffer Subsystem, en versiones anteriores a (e incluyendo) 4.4; y PI Data Archive en versiones anteriores a PI Data Archive 2015 3.4.395.64, opera entre endpoints sin un modelo completo de características de endpoint. Esto podría provocar que el producto realice acciones basado en este modelo incompleto, desembocando en una denegación de servicio. OSIsoft informa que, para explotar esta vulnerabilidad, un atacante necesitaría estar conectado localmente a un servidor. • http://www.securityfocus.com/bid/94165 https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03 https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308 • CWE-284: Improper Access Control CWE-437: Incomplete Model of Endpoint Features •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7529
https://notcve.org/view.php?id=CVE-2018-7529
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. Se ha descubierto un problema de deserialización de datos no fiables en OSIsoft PI Data Archive, versiones 2017 R2 y anteriores. Los usuarios no autenticados podrían modificar los datos deserializados para enviar peticiones personalizadas que provoquen el cierre inesperado del servidor. • http://www.securityfocus.com/bid/103399 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7533
https://notcve.org/view.php?id=CVE-2018-7533
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. Se ha descubierto un problema de permisos por defecto incorrectos en OSIsoft PI Data Archive, versiones 2017 R2 y anteriores. La configuración insegura por defecto podría permitir el escalado de privilegios que otorga al actor el control total del sistema. • http://www.securityfocus.com/bid/103399 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02 • CWE-276: Incorrect Default Permissions •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7531
https://notcve.org/view.php?id=CVE-2018-7531
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. Se ha descubierto un problema de validación de entradas incorrecta en OSIsoft PI Data Archive, versiones 2017 R2 y anteriores. Los usuarios no autenticados podrían utilizar peticiones personalizadas no validadas para provocar el cierre inesperado del servidor. • http://www.securityfocus.com/bid/103399 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7930
https://notcve.org/view.php?id=CVE-2017-7930
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. Se ha descubierto un problema de autenticación incorrecta en OSIsoft PI Server 2017 PI Data Archive en versiones anteriores a la 2017. PI Data Archive cuenta con fallos de protocolo que podrían exponer registros de cambios de forma segura y permitir que un tercero malicioso suplante un servidor en un colectivo. • http://www.securityfocus.com/bid/99059 https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02 • CWE-287: Improper Authentication •