Vulnerabilities > CVE-2017-9653 - Incorrect Authorization vulnerability in Osisoft products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

osisoft

CWE-863

NVD

Published: 2017-08-14

Updated: 2019-10-03

Summary

An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized.

Vulnerable Configurations

Part	Description	Count
Application	Osisoft Osisoft PI Integrator FOR Business Analystics 2016 Osisoft PI Integrator FOR Microsoft Azure 2016 Osisoft PI Integrator FOR SAP Hana 2016	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.securityfocus.com/bid/100212
https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01
https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324