PT-2017-18007 · Osisoft · Osisoft Pi Server+2

Published

2017-08-25

Updated

2019-10-09

CVE-2017-7934

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OSIsoft PI Server 2017 PI Data Archive versions prior to 2017

Description An issue with improper authentication was found, which could allow a malicious user to authenticate with a server. This flaw is related to the use of older protocol versions in PI Network Manager, potentially causing it to behave in an undefined manner.

Recommendations For OSIsoft PI Server 2017 PI Data Archive versions prior to 2017, update to a version that addresses the improper authentication issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of older protocol versions in PI Network Manager to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-7934

Affected Products

Osisoft Pi Server

Pi Data Archive

Networkmanager

PT-2017-18007 · Osisoft · Osisoft Pi Server+2

CVE-2017-7934

Weakness Enumeration

Related Identifiers

Affected Products

References · 4