var-201708-1405
Vulnerability from variot
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. OSIsoft PI Integrator is an OSIsoft tool that provides visual data for external systems. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks. The record below scores the issue at CVSS v3.0 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N), meaning exploitation needs a low-privileged authenticated account and user interaction; the listed remediation is the vendor security update described in OSIsoft alert AL00324 and ICS-CERT advisory ICSA-17-220-01.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi integrator for sap hana",
"scope": "lt",
"trust": 1.4,
"vendor": "osisoft",
"version": "2017"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2"
},
{
"model": "pi integrator for microsoft azure",
"scope": "lt",
"trust": 0.8,
"vendor": "osisoft",
"version": "2016 r2 sp1"
},
{
"model": "pi integrator for business analytics r2",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure r2 sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analystics",
"scope": "eq",
"trust": 0.6,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for sap hana",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for microsoft azure",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "20160"
},
{
"model": "pi integrator for business analytics and sap hana sql utility",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016"
},
{
"model": "pi integrator for business analytics 2016-business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "0"
},
{
"model": "pi integrator for business analytics data warehouse",
"scope": "eq",
"trust": 0.3,
"vendor": "osisoft",
"version": "2016-0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for business analystics",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for microsoft azure",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pi integrator for sap hana",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_business_analystics",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_microsoft_azure",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_sap_hana",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft",
"sources": [
{
"db": "BID",
"id": "100212"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-9655",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-22840",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-9655",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9655",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9655",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. OSIsoft PI Integrator Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. OSIsoft PI Integrator is a tool for OSIsoft to provide visual data for external systems. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or gain elevated privileges and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9655"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9655",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-220-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100212",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178",
"trust": 0.8
},
{
"db": "IVD",
"id": "B736DB0C-4A0D-4B79-A22A-798941A2FF2F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"id": "VAR-201708-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
],
"trust": 1.45132275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
}
]
},
"last_update_date": "2024-11-23T21:40:31.021000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AL00324 - Security updates for PI Integrator For Business Analytics 2016, PI Integrator for Microsoft Azure 2016, and PI Integrator for SAP HANA 2016",
"trust": 0.8,
"url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324"
},
{
"title": "Patch for OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100819"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-220-01"
},
{
"trust": 1.9,
"url": "https://techsupport.osisoft.com/troubleshooting/alerts/al00324"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100212"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9655"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9655"
},
{
"trust": 0.3,
"url": "https://techsupport.osisoft.com/products/pi-integrators/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "BID",
"id": "100212"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"date": "2017-08-14T16:29:00.287000",
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"date": "2017-08-08T00:00:00",
"db": "BID",
"id": "100212"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007178"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-582"
},
{
"date": "2024-11-21T03:36:35.597000",
"db": "NVD",
"id": "CVE-2017-9655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSIsoft PI Integrator Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b736db0c-4a0d-4b79-a22a-798941a2ff2f"
},
{
"db": "CNVD",
"id": "CNVD-2017-22840"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-582"
}
],
"trust": 0.6
}
}