CVE-2017-5153
Last modified
CVE-2017-5153 is a vulnerability of currently unknown severity. An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Osisoft | Pi Coresight | <= 2016-r2 |
| Osisoft | Pi Web Api | 2016-r2 |
References
- http://www.securityfocus.com/bid/95355Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/95355Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5153?
How severe is CVE-2017-5153?
How do I fix CVE-2017-5153?
Are you affected by CVE-2017-5153?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST