{"api_version":"1","generated_at":"2026-06-13T23:30:16+00:00","cve":"CVE-2018-7500","urls":{"html":"https://cve.report/CVE-2018-7500","api":"https://cve.report/api/cve/CVE-2018-7500.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-7500","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-7500"},"summary":{"title":"CVE-2018-7500","description":"A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-03-14 18:29:00","updated_at":"2019-10-09 23:42:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/103396","name":"103396","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"OSIsoft PI Web API Privilege Escalation and Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04","refsource":"MISC","tags":["Mitigation","Third Party Advisory","US Government Resource"],"title":"OSIsoft PI Web API | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-7500","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7500","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"7500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"osisoft","cpe5":"pi_vision","cpe6":"2017","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"osisoft","cpe5":"pi_vision","cpe6":"2017","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"osisoft","cpe5":"pi_web_api","cpe6":"2017","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"osisoft","cpe5":"pi_web_api","cpe6":"2017","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7500","vulnerable":"1","versionEndIncluding":"2017","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"osisoft","cpe5":"pi_web_api","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2018-7500","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OSIsoft PI Web API","version":{"version_data":[{"version_value":"OSIsoft PI Web API"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-264"}]}]},"references":{"reference_data":[{"name":"103396","refsource":"BID","url":"http://www.securityfocus.com/bid/103396"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04"}]}},"nvd":{"publishedDate":"2018-03-14 18:29:00","lastModifiedDate":"2019-10-09 23:42:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*","versionEndIncluding":"2017","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"7500","Ordinal":"123782","Title":"CVE-2018-7500","CVE":"CVE-2018-7500","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"7500","Ordinal":"1","NoteData":"A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"7500","Ordinal":"2","NoteData":"2018-03-14","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"7500","Ordinal":"3","NoteData":"2018-03-15","Type":"Other","Title":"Modified"}]}}}