PT-2017-16347 · Osisoft · Osisoft Pi Web Api+1
Published: 2017-02-13 · Updated: 2017-03-16
CVE-2017-5153
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OSIsoft PI Coresight versions 2016 R2 and earlier
OSIsoft PI Web API versions 2016 R2 and earlier
Description
An issue has been identified that may expose service account passwords through server log files, potentially leading to unauthorized shutdown of the affected services and reuse of domain credentials.
Recommendations
For OSIsoft PI Coresight versions 2016 R2 and earlier, consider restricting access to server log files to minimize the risk of exposure.
For OSIsoft PI Web API versions 2016 R2 and earlier, restrict access to server log files until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Osisoft Pi Coresight
Osisoft Pi Web Api