Vulnerability Details : CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.
Products affected by CVE-2017-5153
- cpe:2.3:a:osisoft:pi_web_api:2016-r2:*:*:*:*:*:*:*
- cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5153
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5153
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-5153
- The product writes sensitive information to a log file. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5153
- https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01
  Third Party Advisory; US Government Resource
- http://www.securityfocus.com/bid/95355
  OSIsoft PI Coresight and PI Web API CVE-2017-5153 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)