CVE-2018-7500
Summary
| CVE | CVE-2018-7500 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-14 18:29:00 UTC |
| Updated | 2019-10-09 23:42:00 UTC |
| Description | A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Osisoft | Pi Vision | 2017 | r2 | All | All |
| Application | Osisoft | Pi Vision | 2017 | r2 | All | All |
| Application | Osisoft | Pi Web Api | 2017 | r2 | All | All |
| Application | Osisoft | Pi Web Api | 2017 | r2 | All | All |
| Application | Osisoft | Pi Web Api | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OSIsoft PI Web API Privilege Escalation and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| OSIsoft PI Web API | CISA | MISC | ics-cert.us-cert.gov | Mitigation, Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.