| |
Vulnerability CVE-2018-7500
Published: 2018-03-14
Description: |
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. |
Type:
CWE-noinfo
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.securityfocus.com/bid/103396
https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|