CVE-2016-8365 — MEDIUM (5.5)

Q: How severe is CVE-2016-8365?

CVE-2016-8365 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-8365?

Check the references section above for vendor advisories and patch information. Affected products include: Osisoft Pi Af Client, Osisoft Pi Buffer Subsystem, Osisoft Pi Data Archive, Osisoft Pi Sdk.

Vulnerability Description

OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Osisoft	Pi Af Client	< 2.8.0
Osisoft	Pi Buffer Subsystem	< 4.5.0
Osisoft	Pi Data Archive	< 3.4.400.1162
Osisoft	Pi Sdk	< 1.4.6

Related Weaknesses (CWE)

CWE-284 CWE-437

References

http://www.securityfocus.com/bid/94165Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03Third Party AdvisoryUS Government Resource
https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308Vendor Advisory
http://www.securityfocus.com/bid/94165Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03Third Party AdvisoryUS Government Resource
https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308Vendor Advisory

FAQ

What is CVE-2016-8365?

CVE-2016-8365 is a vulnerability with a CVSS score of 5.5 (MEDIUM). OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to...

How severe is CVE-2016-8365?

CVE-2016-8365 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8365?

Check the references section above for vendor advisories and patch information. Affected products include: Osisoft Pi Af Client, Osisoft Pi Buffer Subsystem, Osisoft Pi Data Archive, Osisoft Pi Sdk.