exploitDog

CVE-2017-7930

Опубликовано: 25 авг. 2017

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.

Ссылки

http://www.securityfocus.com/bid/99059
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/99059
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*

Версия до 3.4.410.1256 (включая)

EPSS

Процентиль: 45%

0.00224

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-x243-4m6m-xwjp

CVSS3: 7.4

github

больше 3 лет назад

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.

EPSS

Процентиль: 45%

0.00224

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-287

CWE-287