Vulnerability Description
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OSIsoft | PI Web API | <= 2017 |
| OSIsoft | PI Vision | 2017 |
References
- http://www.securityfocus.com/bid/103396 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 (Mitigation, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2018-7500?
CVE-2018-7500 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the serv...
How severe is CVE-2018-7500?
CVE-2018-7500 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7500?
Check the references section above for vendor advisories and patch information. Affected products include: OSIsoft PI Web API, OSIsoft PI Vision.