var-201708-1404
Vulnerability from variot
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 1.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "2016"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "2016"
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_business_analystics",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_microsoft_azure",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_sap_hana",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9653",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9653",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9653",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9653",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. An unauthorized access vulnerability exists in OSIsoft PI Integrator. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9653",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-22841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586",
"trust": 0.8
},
{
"db": "IVD",
"id": "3C9B8A2F-E383-4F65-A360-5A5A2835FD54",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"id": "VAR-201708-1404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
]
},
"last_update_date": "2024-11-23T21:40:30.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324"
},
{
"title": "OSIsoft PI Integrator does not authorize access to the vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100822"
},
{
"title": "OSIsoft PI Integrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99850"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-285",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9653"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9653"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"date": "2017-08-14T16:29:00.257000",
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22841"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007586"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-584"
},
{
"date": "2024-11-21T03:36:35.357000",
"db": "NVD",
"id": "CVE-2017-9653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3c9b8a2f-e383-4f65-a360-5a5a2835fd54"
},
{
"db": "CNVD",
"id": "CNVD-2017-22841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-584"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…