cnvd-2017-16357
Vulnerability from cnvd
Title
OSIsoft PI Server Authentication Bypass Vulnerability
Description
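OSIsoft PI System is a suite of data collection, analysis, and visualization software. PI Server is the core product of PI System. OSIsoft PI Data Archive is a PI Server component that stores and archives data for retrieval through client software. OSIsoft PI Server contains an authentication bypass vulnerability. An attacker can exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations.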
Severity
Patch Name
Patch for the OSIsoft PI Server authentication bypass vulnerability
Patch Description
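OSIsoft PI System is a suite of data collection, analysis, and visualization software. PI Server is the core product of PI System. OSIsoft PI Data Archive is a PI Server component that stores and archives data for retrieval through client software. OSIsoft PI Server contains an authentication bypass vulnerability. An attacker can exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. The vendor has released a security advisory and related patch information that fix this vulnerability.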
Formal description

Users can obtain patch information from the following vendor-provided security advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02

Reference
http://www.securityfocus.com/bid/99059
Impacted products
Name
OSISoft PI Data Archive <=2017


{
  "bids": {
    "bid": {
      "bidNumber": "99059"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7930"
    }
  },
  "description": "OSIsoft PI System\u662f\u4e00\u5957\u6570\u636e\u91c7\u96c6\u3001\u5206\u6790\u3001\u548c\u53ef\u89c6\u5316\u8f6f\u4ef6\u3002PI Server\u662fPI System\u7684\u6838\u5fc3\u4ea7\u54c1\u3002OSIsoft PI Data Archive\u662fPI Server\u7684\u4e00\u4e2a\u901a\u8fc7\u5ba2\u6237\u7aef\u8f6f\u4ef6\u5b9e\u73b0\u7684\u6570\u636e\u68c0\u7d22\u7684\u5b58\u50a8\u548c\u5f52\u6863\u7684\u7ec4\u4ef6\u3002\r\n\r\nOSIsoft PI Server\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "OSIsoft",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-02",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-16357",
  "openTime": "2017-07-25",
  "patchDescription": "OSIsoft PI System\u662f\u4e00\u5957\u6570\u636e\u91c7\u96c6\u3001\u5206\u6790\u3001\u548c\u53ef\u89c6\u5316\u8f6f\u4ef6\u3002PI Server\u662fPI System\u7684\u6838\u5fc3\u4ea7\u54c1\u3002OSIsoft PI Data Archive\u662fPI Server\u7684\u4e00\u4e2a\u901a\u8fc7\u5ba2\u6237\u7aef\u8f6f\u4ef6\u5b9e\u73b0\u7684\u6570\u636e\u68c0\u7d22\u7684\u5b58\u50a8\u548c\u5f52\u6863\u7684\u7ec4\u4ef6\u3002\r\n\r\nOSIsoft PI Server\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OSIsoft PI Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OSISoft PI Data Archive \u003c=2017"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99059",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-21",
  "title": "OSIsoft PI Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

