Vulnerability Description
OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OSIsoft | PI Server | 2.6 |
| OSIsoft | PI SQL for AF | 2.1.2.19 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-132-01 (Third Party Advisory, US Government Resource)
- https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00280 (Vendor Advisory)
FAQ
What is CVE-2015-1013?
CVE-2015-1013 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended comma...
How severe is CVE-2015-1013?
CVE-2015-1013 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1013?
Check the references section above for vendor advisories and patch information. Affected products include: OSIsoft PI Server, OSIsoft PI SQL for AF.