← Back

CVE-2018-7500

nvd nist
Published: Mar 14, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.

Affected (3)

Osisoft
2 products
Pi Web Api
Pi Vision
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Osisoft
Pi Web Api
Up to 2017
Pi Web Api
Version 2017 r2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Pi Vision
Version 2017 r2

Related CWEs

CWE-264
CWE-264

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.