ID

VAR-201803-2176


CVE

CVE-2018-7496


TITLE

OSIsoft PI Vision Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1 // CNVD: CNVD-2018-05315 // CNNVD: CNNVD-201803-459

DESCRIPTION

An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. PI Vision is the leading visualization tool for fast, easy and secure access to all PI System™ data. OSIsoft PI Vision is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Trust: 2.61

sources: NVD: CVE-2018-7496 // JVNDB: JVNDB-2018-003011 // CNVD: CNVD-2018-05315 // BID: 103390 // IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1 // CNVD: CNVD-2018-05315

AFFECTED PRODUCTS

vendor: osisoft, model: pi vision, scope: lte, version: 2017

Trust: 1.8

vendor: osisoft, model: pi vision, scope: eq, version: 2017

Trust: 0.9

vendor: osisoft, model: pi vision, scope: lte, version: <=2017

Trust: 0.6

vendor: osisoft, model: pi vision r2 update, scope: ne, version: 20171

Trust: 0.3

vendor: pi vision, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1 // CNVD: CNVD-2018-05315 // BID: 103390 // JVNDB: JVNDB-2018-003011 // CNNVD: CNNVD-201803-459 // NVD: CVE-2018-7496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7496
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7496
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05315
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-459
value: MEDIUM

Trust: 0.6

IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05315
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7496
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1 // CNVD: CNVD-2018-05315 // JVNDB: JVNDB-2018-003011 // CNNVD: CNNVD-201803-459 // NVD: CVE-2018-7496

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-003011 // NVD: CVE-2018-7496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-459

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003011

PATCH

title: Top Page, url: https://www.osisoft.com/

Trust: 0.8

title: OSIsoft PI Vision Information Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/121513

Trust: 0.6

title: OSIsoft PI Vision Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79109

Trust: 0.6

sources: CNVD: CNVD-2018-05315 // JVNDB: JVNDB-2018-003011 // CNNVD: CNNVD-201803-459

EXTERNAL IDS

db: NVD, id: CVE-2018-7496

Trust: 3.5

db: ICS CERT, id: ICSA-18-072-03

Trust: 3.3

db: BID, id: 103390

Trust: 1.9

db: CNVD, id: CNVD-2018-05315

Trust: 0.8

db: CNNVD, id: CNNVD-201803-459

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003011

Trust: 0.8

db: IVD, id: E2E65ED1-39AB-11E9-9398-000C29342CB1

Trust: 0.2

sources: IVD: e2e65ed1-39ab-11e9-9398-000c29342cb1 // CNVD: CNVD-2018-05315 // BID: 103390 // JVNDB: JVNDB-2018-003011 // CNNVD: CNNVD-201803-459 // NVD: CVE-2018-7496

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-072-03

Trust: 3.3

url: http://www.securityfocus.com/bid/103390

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7496

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7496

Trust: 0.8

url: https://www.osisoft.com/default.aspx

Trust: 0.3

sources: CNVD: CNVD-2018-05315 // BID: 103390 // JVNDB: JVNDB-2018-003011 // CNNVD: CNNVD-201803-459 // NVD: CVE-2018-7496

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103390

SOURCES

db: IVD, id: e2e65ed1-39ab-11e9-9398-000c29342cb1
db: CNVD, id: CNVD-2018-05315
db: BID, id: 103390
db: JVNDB, id: JVNDB-2018-003011
db: CNNVD, id: CNNVD-201803-459
db: NVD, id: CVE-2018-7496

LAST UPDATE DATE

2024-11-23T23:02:11.149000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-05315, date: 2018-03-15T00:00:00
db: BID, id: 103390, date: 2018-03-13T00:00:00
db: JVNDB, id: JVNDB-2018-003011, date: 2018-05-09T00:00:00
db: CNNVD, id: CNNVD-201803-459, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7496, date: 2024-11-21T04:12:14.730

SOURCES RELEASE DATE

db: IVD, id: e2e65ed1-39ab-11e9-9398-000c29342cb1, date: 2018-03-15T00:00:00
db: CNVD, id: CNVD-2018-05315, date: 2018-03-15T00:00:00
db: BID, id: 103390, date: 2018-03-13T00:00:00
db: JVNDB, id: JVNDB-2018-003011, date: 2018-05-09T00:00:00
db: CNNVD, id: CNNVD-201803-459, date: 2018-03-14T00:00:00
db: NVD, id: CVE-2018-7496, date: 2018-03-14T18:29:00.453