Vulnerability Details : CVE-2018-7500
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
Products affected by CVE-2018-7500
- cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*
- cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*
- cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7500
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7500
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-7500
-
Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2018-7500
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04
OSIsoft PI Web API | CISAMitigation;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/103396
OSIsoft PI Web API Privilege Escalation and Cross Site Scripting VulnerabilitiesThird Party Advisory;VDB Entry
Jump to