Sign-up

ID

VAR-201804-0079


CVE

CVE-2016-8365


TITLE

OSIsoft PI System Local Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // CNVD: CNVD-2016-11094

DESCRIPTION

OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System

Trust: 2.61

sources: NVD: CVE-2016-8365 // JVNDB: JVNDB-2016-009008 // CNVD: CNVD-2016-11094 // BID: 94165 // IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // CNVD: CNVD-2016-11094

AFFECTED PRODUCTS

vendor:osisoftmodel:pi sdkscope:ltversion:1.4.6

Trust: 1.0

vendor:osisoftmodel:pi data archivescope:ltversion:3.4.400.1162

Trust: 1.0

vendor:osisoftmodel:pi buffer subsystemscope:ltversion:4.5.0

Trust: 1.0

vendor:osisoftmodel:pi af clientscope:ltversion:2.8.0

Trust: 1.0

vendor:osisoftmodel:pi af clientscope:ltversion:2016 2.8.0

Trust: 0.8

vendor:osisoftmodel:pi buffer subsystemscope:eqversion:4.4 and less

Trust: 0.8

vendor:osisoftmodel:pi data archivescope:ltversion:2015 3.4.395.64

Trust: 0.8

vendor:osisoftmodel:pi sdkscope:ltversion:2016 1.4.6

Trust: 0.8

vendor:osisoftmodel:pi af clientscope:eqversion:2016(2.8.0)

Trust: 0.6

vendor:osisoftmodel:pi software development kitscope:ltversion:2016(1.4.6)

Trust: 0.6

vendor:osisoftmodel:pi data archivescope:ltversion:2016(3.4.400.1162)

Trust: 0.6

vendor:osisoftmodel:pi sdkscope:eqversion:20160

Trust: 0.3

vendor:osisoftmodel:pi data archivescope:eqversion:20120

Trust: 0.3

vendor:osisoftmodel:pi buffer subsystemscope:eqversion:4.4

Trust: 0.3

vendor:osisoftmodel:pi af clientscope:eqversion:20160

Trust: 0.3

vendor:osisoftmodel:pi sdkscope:neversion:20161.4.6

Trust: 0.3

vendor:osisoftmodel:pi data archivescope:neversion:20163.4.400.1162

Trust: 0.3

vendor:osisoftmodel:pi buffer subsystemscope:neversion:4.5

Trust: 0.3

vendor:osisoftmodel:pi af clientscope:neversion:20162.8

Trust: 0.3

vendor:pi af clientmodel: - scope:eqversion:*

Trust: 0.2

vendor:pi buffer subsystemmodel: - scope:eqversion:*

Trust: 0.2

vendor:pi data archivemodel: - scope:eqversion:*

Trust: 0.2

vendor:pi sdkmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // CNVD: CNVD-2016-11094 // BID: 94165 // JVNDB: JVNDB-2016-009008 // NVD: CVE-2016-8365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8365
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8365
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11094
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-316
value: MEDIUM

Trust: 0.6

IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-8365
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11094
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-8365
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // CNVD: CNVD-2016-11094 // JVNDB: JVNDB-2016-009008 // CNNVD: CNNVD-201611-316 // NVD: CVE-2016-8365

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:CWE-437

Trust: 1.0

sources: JVNDB: JVNDB-2016-009008 // NVD: CVE-2016-8365

THREAT TYPE

local

Trust: 0.9

sources: BID: 94165 // CNNVD: CNNVD-201611-316

TYPE

Access control error

Trust: 0.8

sources: IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // CNNVD: CNNVD-201611-316

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-009008

PATCH
title:OSIsoft Releases Security Updates for Core Networking Component in PI System 2016url:https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308
Trust: 0.8
title:OSIsoft PI System Local Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/83850
Trust: 0.6
title:OSIsoft PI System Fixes for local denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65684
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11094 // 
            
            
            
            JVNDB: JVNDB-2016-009008 // 
            
            
            
            CNNVD: CNNVD-201611-316

EXTERNAL IDS
db:NVDid:CVE-2016-8365
Trust: 3.5
db:BIDid:94165
Trust: 2.5
db:CNVDid:CNVD-2016-11094
Trust: 0.8
db:CNNVDid:CNNVD-201611-316
Trust: 0.8
db:JVNDBid:JVNDB-2016-009008
Trust: 0.8
db:IVDid:87D38CA7-2043-4E29-9C00-8DBD6630ADD8
Trust: 0.2
sources:
            
            
            IVD: 87d38ca7-2043-4e29-9c00-8dbd6630add8 // 
            
            
            
            CNVD: CNVD-2016-11094 // 
            
            
            
            BID: 94165 // 
            
            
            
            JVNDB: JVNDB-2016-009008 // 
            
            
            
            CNNVD: CNNVD-201611-316 // 
            
            
            
            NVD: CVE-2016-8365

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/ics-vu-313-03
Trust: 2.7
url:http://www.securityfocus.com/bid/94165
Trust: 2.2
url:https://techsupport.osisoft.com/troubleshooting/alerts/al00308
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8365
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8365
Trust: 0.8
url:https://techsupport.osisoft.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-11094 // 
            
            
            
            BID: 94165 // 
            
            
            
            JVNDB: JVNDB-2016-009008 // 
            
            
            
            CNNVD: CNNVD-201611-316 // 
            
            
            
            NVD: CVE-2016-8365

CREDITS
OSIsoft
Trust: 0.9
sources:
            
            
            BID: 94165 // 
            
            
            
            CNNVD: CNNVD-201611-316

SOURCES
db:IVDid:87d38ca7-2043-4e29-9c00-8dbd6630add8
db:CNVDid:CNVD-2016-11094
db:BIDid:94165
db:JVNDBid:JVNDB-2016-009008
db:CNNVDid:CNNVD-201611-316
db:NVDid:CVE-2016-8365

LAST UPDATE DATE
2024-11-23T23:05:08.988000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11094date:2016-11-15T00:00:00
db:BIDid:94165date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-009008date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201611-316date:2019-10-17T00:00:00
db:NVDid:CVE-2016-8365date:2024-11-21T02:59:13.820

SOURCES RELEASE DATE
db:IVDid:87d38ca7-2043-4e29-9c00-8dbd6630add8date:2016-11-15T00:00:00
db:CNVDid:CNVD-2016-11094date:2016-11-15T00:00:00
db:BIDid:94165date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-009008date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201611-316date:2016-11-17T00:00:00
db:NVDid:CVE-2016-8365date:2018-04-03T14:29:00.247