Sign-up

ID

VAR-201803-2219


CVE

CVE-2018-7529


TITLE

OSIsoft PI Data Archive Vulnerable to unreliable data deserialization

Trust: 0.8

sources: JVNDB: JVNDB-2018-003015

DESCRIPTION

A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

Trust: 2.61

sources: NVD: CVE-2018-7529 // JVNDB: JVNDB-2018-003015 // CNVD: CNVD-2018-05303 // BID: 103399 // IVD: e2e59b80-39ab-11e9-b243-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e59b80-39ab-11e9-b243-000c29342cb1 // CNVD: CNVD-2018-05303

AFFECTED PRODUCTS

vendor:osisoftmodel:pi data archivescope:lteversion:2017

Trust: 1.8

vendor:osisoftmodel:pi data archivescope:eqversion:2017

Trust: 0.9

vendor:osisoftmodel:pi data archivescope:lteversion:<=2017

Trust: 0.6

vendor:osisoftmodel:pi data archivescope:eqversion:20120

Trust: 0.3

vendor:osisoftmodel:pi data archive r2scope:neversion:2017

Trust: 0.3

vendor:pimodel:data archivescope:eqversion:*

Trust: 0.2

sources: IVD: e2e59b80-39ab-11e9-b243-000c29342cb1 // CNVD: CNVD-2018-05303 // BID: 103399 // JVNDB: JVNDB-2018-003015 // CNNVD: CNNVD-201803-455 // NVD: CVE-2018-7529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7529
value: HIGH

Trust: 1.0

NVD: CVE-2018-7529
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-05303
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-455
value: HIGH

Trust: 0.6

IVD: e2e59b80-39ab-11e9-b243-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-7529
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05303
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e59b80-39ab-11e9-b243-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2e59b80-39ab-11e9-b243-000c29342cb1 // CNVD: CNVD-2018-05303 // JVNDB: JVNDB-2018-003015 // CNNVD: CNNVD-201803-455 // NVD: CVE-2018-7529

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.8

sources: JVNDB: JVNDB-2018-003015 // NVD: CVE-2018-7529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-455

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e59b80-39ab-11e9-b243-000c29342cb1 // CNNVD: CNNVD-201803-455

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003015

PATCH
title:Top Pageurl:https://www.osisoft.com/
Trust: 0.8
title:Patch for OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)url:https://www.cnvd.org.cn/patchInfo/show/121507
Trust: 0.6
title:OSIsoft PI Data Archive Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79105
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05303 // 
            
            
            
            JVNDB: JVNDB-2018-003015 // 
            
            
            
            CNNVD: CNNVD-201803-455

EXTERNAL IDS
db:NVDid:CVE-2018-7529
Trust: 3.5
db:ICS CERTid:ICSA-18-072-02
Trust: 3.3
db:BIDid:103399
Trust: 1.9
db:CNVDid:CNVD-2018-05303
Trust: 0.8
db:CNNVDid:CNNVD-201803-455
Trust: 0.8
db:JVNDBid:JVNDB-2018-003015
Trust: 0.8
db:IVDid:E2E59B80-39AB-11E9-B243-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2e59b80-39ab-11e9-b243-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-05303 // 
            
            
            
            BID: 103399 // 
            
            
            
            JVNDB: JVNDB-2018-003015 // 
            
            
            
            CNNVD: CNNVD-201803-455 // 
            
            
            
            NVD: CVE-2018-7529

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-072-02
Trust: 3.3
url:http://www.securityfocus.com/bid/103399
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7529
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7529
Trust: 0.8
url:https://www.osisoft.com/default.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-05303 // 
            
            
            
            BID: 103399 // 
            
            
            
            JVNDB: JVNDB-2018-003015 // 
            
            
            
            CNNVD: CNNVD-201803-455 // 
            
            
            
            NVD: CVE-2018-7529

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 103399

SOURCES
db:IVDid:e2e59b80-39ab-11e9-b243-000c29342cb1
db:CNVDid:CNVD-2018-05303
db:BIDid:103399
db:JVNDBid:JVNDB-2018-003015
db:CNNVDid:CNNVD-201803-455
db:NVDid:CVE-2018-7529

LAST UPDATE DATE
2024-11-23T22:45:24.423000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05303date:2018-03-14T00:00:00
db:BIDid:103399date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-003015date:2018-05-09T00:00:00
db:CNNVDid:CNNVD-201803-455date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7529date:2024-11-21T04:12:18.293

SOURCES RELEASE DATE
db:IVDid:e2e59b80-39ab-11e9-b243-000c29342cb1date:2018-03-14T00:00:00
db:CNVDid:CNVD-2018-05303date:2018-03-14T00:00:00
db:BIDid:103399date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-003015date:2018-05-09T00:00:00
db:CNNVDid:CNNVD-201803-455date:2018-03-14T00:00:00
db:NVDid:CVE-2018-7529date:2018-03-14T18:29:00.670