CVE-2018-7500
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
Se ha descubierto un problema de permisos, privilegios y controles de acceso en OSIsoft PI Web API, versiones 2017 R2 y anteriores. Se podría escalar privilegios, lo que daría a los atacantes acceso al sistema PI mediante la cuenta de servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-26 CVE Reserved
- 2018-03-14 CVE Published
- 2023-08-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103396 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Osisoft Search vendor "Osisoft" | Pi Web Api Search vendor "Osisoft" for product "Pi Web Api" | <= 2017 Search vendor "Osisoft" for product "Pi Web Api" and version " <= 2017" | - |
Affected
| ||||||
| Osisoft Search vendor "Osisoft" | Pi Web Api Search vendor "Osisoft" for product "Pi Web Api" | 2017 Search vendor "Osisoft" for product "Pi Web Api" and version "2017" | r2 |
Affected
| ||||||
| Osisoft Search vendor "Osisoft" | Pi Vision Search vendor "Osisoft" for product "Pi Vision" | 2017 Search vendor "Osisoft" for product "Pi Vision" and version "2017" | r2 |
Affected
| ||||||