Vulnerability Details : CVE-2018-7529
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.
Products affected by CVE-2018-7529
- cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7529
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~43% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-7529
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-7529
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-7529
- https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02
  OSIsoft PI Data Archive | CISA (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/103399
  OSIsoft PI Data Archive Privilege Escalation and Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)