CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7926
https://notcve.org/view.php?id=CVE-2017-7926
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. Se ha descubierto un problema de Cross-Site Request Forgery en OSIsoft PI Web API en versiones anteriores a la 2017 (1.9.0). Esta vulnerabilidad permite que ocurran ataques Cross-Site Request Forgery (CSRF) cuando una petición cross-site que normalmente no tendría autorización es enviada desde un navegador previamente autenticado por el servidor. • http://www.securityfocus.com/bid/99058 https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7930
https://notcve.org/view.php?id=CVE-2017-7930
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. Se ha descubierto un problema de autenticación incorrecta en OSIsoft PI Server 2017 PI Data Archive en versiones anteriores a la 2017. PI Data Archive cuenta con fallos de protocolo que podrían exponer registros de cambios de forma segura y permitir que un tercero malicioso suplante un servidor en un colectivo. • http://www.securityfocus.com/bid/99059 https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7934
https://notcve.org/view.php?id=CVE-2017-7934
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. Se ha descubierto un problema de autenticación incorrecta en OSIsoft PI Server 2017 PI Data Archive en versiones anteriores a la 2017. PI Network Manager, cuando emplea versiones antiguas del protocolo, contiene un fallo que podría permitir que un usuario malicioso se autentique con un servidor y provoque que PI Network Manager se comporte de forma sin especificar. • http://www.securityfocus.com/bid/99059 https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9655
https://notcve.org/view.php?id=CVE-2017-9655
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. Se ha descubierto un problema de tipo Cross-Site Scripting (XSS) en OSIsoft PI Integrator for Business Analytics en versiones anteriores a la 2016 R2, PI Integrator for Microsoft Azure en versiones anteriores a la 2016 R2 SP1, y PI Integrator for SAP HANA en versiones anteriores a la 2017. Un atacante podría ser capaz de subir un script malicioso que intente redireccionar usuarios a un sitio web malicioso. • http://www.securityfocus.com/bid/100212 https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01 https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9653
https://notcve.org/view.php?id=CVE-2017-9653
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. Se ha descubierto un problema de autenticación incorrecta en OSIsoft PI Integrator for Business Analytics en versiones anteriores a la 2016 R2, PI Integrator for Microsoft Azure en versiones anteriores a la 2016 R2 SP1, y PI Integrator for SAP HANA en versiones anteriores a la 2017. Un atacante puede obtener acceso con privilegios al sistema sin estar autenticado. • http://www.securityfocus.com/bid/100212 https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01 https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324 • CWE-863: Incorrect Authorization •