ID

VAR-201803-2220


CVE

CVE-2018-7531


TITLE

OSIsoft PI Data Archive Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454

DESCRIPTION

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible.

Trust: 2.61

sources: NVD: CVE-2018-7531 // JVNDB: JVNDB-2018-003016 // CNVD: CNVD-2018-05301 // BID: 103399 // IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1 // CNVD: CNVD-2018-05301

AFFECTED PRODUCTS

vendor: osisoft, model: pi data archive, scope: eq, version: 2017

Trust: 1.9

vendor: osisoft, model: pi data archive, scope: lte, version: 2017

Trust: 1.8

vendor: osisoft, model: pi data archive, scope: lte, version: <=2017

Trust: 0.6

vendor: osisoft, model: pi data archive, scope: eq, version: 20120

Trust: 0.3

vendor: osisoft, model: pi data archive r2, scope: ne, version: 2017

Trust: 0.3

vendor: pi data archive, model: -, scope: eq, version: *

Trust: 0.2

vendor: pi data archive, model: -, scope: eq, version: 2017

Trust: 0.2

sources: IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1 // CNVD: CNVD-2018-05301 // BID: 103399 // JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454 // NVD: CVE-2018-7531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7531
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7531
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05301
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-454
value: MEDIUM

Trust: 0.6

IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7531
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05301
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7531
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1 // CNVD: CNVD-2018-05301 // JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454 // NVD: CVE-2018-7531

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-003016 // NVD: CVE-2018-7531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-454

TYPE

Input validation error

Trust: 1.1

sources: IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1 // BID: 103399 // CNNVD: CNNVD-201803-454

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003016

PATCH

title: Top Page, url: https://www.osisoft.com/

Trust: 0.8

title: OSIsoft PI Data Archive patch for denial of service vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/121503

Trust: 0.6

title: OSIsoft PI Data Archive Enter the fix for the verification vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79104

Trust: 0.6

sources: CNVD: CNVD-2018-05301 // JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454

EXTERNAL IDS

db: NVD, id: CVE-2018-7531

Trust: 3.5

db: ICS CERT, id: ICSA-18-072-02

Trust: 3.3

db: BID, id: 103399

Trust: 1.9

db: CNVD, id: CNVD-2018-05301

Trust: 0.8

db: CNNVD, id: CNNVD-201803-454

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003016

Trust: 0.8

db: IVD, id: E2E59B82-39AB-11E9-9DFB-000C29342CB1

Trust: 0.2

sources: IVD: e2e59b82-39ab-11e9-9dfb-000c29342cb1 // CNVD: CNVD-2018-05301 // BID: 103399 // JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454 // NVD: CVE-2018-7531

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-072-02

Trust: 3.3

url:http://www.securityfocus.com/bid/103399

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7531

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7531

Trust: 0.8

url:https://www.osisoft.com/default.aspx

Trust: 0.3

sources: CNVD: CNVD-2018-05301 // BID: 103399 // JVNDB: JVNDB-2018-003016 // CNNVD: CNNVD-201803-454 // NVD: CVE-2018-7531

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103399

SOURCES

db: IVD, id: e2e59b82-39ab-11e9-9dfb-000c29342cb1
db: CNVD, id: CNVD-2018-05301
db: BID, id: 103399
db: JVNDB, id: JVNDB-2018-003016
db: CNNVD, id: CNNVD-201803-454
db: NVD, id: CVE-2018-7531

LAST UPDATE DATE

2024-11-23T22:45:24.388000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-05301, date: 2018-03-14T00:00:00
db: BID, id: 103399, date: 2018-03-13T00:00:00
db: JVNDB, id: JVNDB-2018-003016, date: 2018-05-09T00:00:00
db: CNNVD, id: CNNVD-201803-454, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7531, date: 2024-11-21T04:12:18.497

SOURCES RELEASE DATE

db: IVD, id: e2e59b82-39ab-11e9-9dfb-000c29342cb1, date: 2018-03-14T00:00:00
db: CNVD, id: CNVD-2018-05301, date: 2018-03-14T00:00:00
db: BID, id: 103399, date: 2018-03-13T00:00:00
db: JVNDB, id: JVNDB-2018-003016, date: 2018-05-09T00:00:00
db: CNNVD, id: CNNVD-201803-454, date: 2018-03-14T00:00:00
db: NVD, id: CVE-2018-7531, date: 2018-03-14T18:29:00.733