Vulnerability Description
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osisoft | Pi Coresight | <= 2016-r2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99540Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-04Third Party AdvisoryUS Government Resource
- https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00320Vendor Advisory
- http://www.securityfocus.com/bid/99540Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-04Third Party AdvisoryUS Government Resource
- https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00320Vendor Advisory
FAQ
What is CVE-2017-9641?
CVE-2017-9641 is a vulnerability with a CVSS score of 8.8 (HIGH). PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vul...
How severe is CVE-2017-9641?
CVE-2017-9641 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9641?
Check the references section above for vendor advisories and patch information. Affected products include: Osisoft Pi Coresight.