Sign-up

ID

VAR-201803-2222


CVE

CVE-2018-7533


TITLE

OSIsoft PI Data Archive Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003017

DESCRIPTION

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible

Trust: 2.61

sources: NVD: CVE-2018-7533 // JVNDB: JVNDB-2018-003017 // CNVD: CNVD-2018-05302 // BID: 103399 // IVD: e2e59b81-39ab-11e9-a837-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e59b81-39ab-11e9-a837-000c29342cb1 // CNVD: CNVD-2018-05302

AFFECTED PRODUCTS

vendor:osisoftmodel:pi data archivescope:eqversion:2017

Trust: 1.9

vendor:osisoftmodel:pi data archivescope:lteversion:2017

Trust: 1.8

vendor:osisoftmodel:pi data archivescope:lteversion:<=2017

Trust: 0.6

vendor:osisoftmodel:pi data archivescope:eqversion:20120

Trust: 0.3

vendor:osisoftmodel:pi data archive r2scope:neversion:2017

Trust: 0.3

vendor:pi data archivemodel: - scope:eqversion:*

Trust: 0.2

vendor:pi data archivemodel: - scope:eqversion:2017

Trust: 0.2

sources: IVD: e2e59b81-39ab-11e9-a837-000c29342cb1 // CNVD: CNVD-2018-05302 // BID: 103399 // JVNDB: JVNDB-2018-003017 // CNNVD: CNNVD-201803-453 // NVD: CVE-2018-7533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7533
value: HIGH

Trust: 1.0

NVD: CVE-2018-7533
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-05302
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-453
value: HIGH

Trust: 0.6

IVD: e2e59b81-39ab-11e9-a837-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-7533
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05302
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e59b81-39ab-11e9-a837-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7533
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e59b81-39ab-11e9-a837-000c29342cb1 // CNVD: CNVD-2018-05302 // JVNDB: JVNDB-2018-003017 // CNNVD: CNNVD-201803-453 // NVD: CVE-2018-7533

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2018-003017 // NVD: CVE-2018-7533

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-453

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-453

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003017

PATCH
title:Top Pageurl:https://www.osisoft.com/
Trust: 0.8
title:Patch for OSIsoft PI Data Archive Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/121505
Trust: 0.6
title:OSIsoft PI Data Archive Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79103
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05302 // 
            
            
            
            JVNDB: JVNDB-2018-003017 // 
            
            
            
            CNNVD: CNNVD-201803-453

EXTERNAL IDS
db:NVDid:CVE-2018-7533
Trust: 3.5
db:ICS CERTid:ICSA-18-072-02
Trust: 3.3
db:BIDid:103399
Trust: 1.9
db:CNVDid:CNVD-2018-05302
Trust: 0.8
db:CNNVDid:CNNVD-201803-453
Trust: 0.8
db:JVNDBid:JVNDB-2018-003017
Trust: 0.8
db:IVDid:E2E59B81-39AB-11E9-A837-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2e59b81-39ab-11e9-a837-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-05302 // 
            
            
            
            BID: 103399 // 
            
            
            
            JVNDB: JVNDB-2018-003017 // 
            
            
            
            CNNVD: CNNVD-201803-453 // 
            
            
            
            NVD: CVE-2018-7533

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-072-02
Trust: 3.3
url:http://www.securityfocus.com/bid/103399
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7533
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7533
Trust: 0.8
url:https://www.osisoft.com/default.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-05302 // 
            
            
            
            BID: 103399 // 
            
            
            
            JVNDB: JVNDB-2018-003017 // 
            
            
            
            CNNVD: CNNVD-201803-453 // 
            
            
            
            NVD: CVE-2018-7533

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 103399

SOURCES
db:IVDid:e2e59b81-39ab-11e9-a837-000c29342cb1
db:CNVDid:CNVD-2018-05302
db:BIDid:103399
db:JVNDBid:JVNDB-2018-003017
db:CNNVDid:CNNVD-201803-453
db:NVDid:CVE-2018-7533

LAST UPDATE DATE
2024-11-23T22:45:24.460000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05302date:2018-03-14T00:00:00
db:BIDid:103399date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-003017date:2018-05-09T00:00:00
db:CNNVDid:CNNVD-201803-453date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7533date:2024-11-21T04:12:18.710

SOURCES RELEASE DATE
db:IVDid:e2e59b81-39ab-11e9-a837-000c29342cb1date:2018-03-14T00:00:00
db:CNVDid:CNVD-2018-05302date:2018-03-14T00:00:00
db:BIDid:103399date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-003017date:2018-05-09T00:00:00
db:CNNVDid:CNNVD-201803-453date:2018-03-14T00:00:00
db:NVDid:CVE-2018-7533date:2018-03-14T18:29:00.780