CVE-2016-8365

Name of the Vulnerable Software and Affected Versions OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to 2016, Version 2.8.0) OSIsoft PI System software (Applications using PI Software Development Kit (SDK) versions prior to 2016, Version 1.4.6) OSIsoft PI System software (PI Buffer Subsystem, versions prior to and including, Version 4.4) OSIsoft PI System software (PI Data Archive versions prior to 2015, Version 3.4.395.64)

Description The software operates between endpoints without a complete model of endpoint features, potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. An attacker would need to be locally connected to a server to exploit the issue.

Recommendations For Applications using PI Asset Framework (AF) Client versions prior to 2016, Version 2.8.0, update to PI AF Client 2016, Version 2.8.0 or later. For Applications using PI Software Development Kit (SDK) versions prior to 2016, Version 1.4.6, update to PI SDK 2016, Version 1.4.6 or later. For PI Buffer Subsystem, versions prior to and including, Version 4.4, update to a version later than 4.4. For PI Data Archive versions prior to 2015, Version 3.4.395.64, update to PI Data Archive 2015, Version 3.4.395.64 or later.