ID

VAR-202001-0593


CVE

CVE-2019-18275


TITLE

OSIsoft PI Vision Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-014215

DESCRIPTION

All versions of OSIsoft PI Vision prior to 2019 are affected. The affected product is vulnerable to improper access control, which may return unauthorized tag data when viewing analysis data reference attributes. OSIsoft PI Vision contains an incorrect authentication vulnerability. Information may be obtained. OSIsoft PI Vision is a commercial software application platform from OSIsoft (United States), based on a client/server architecture, that supports data collection, analysis and visualization.

Trust: 2.16

sources: NVD: CVE-2019-18275 // JVNDB: JVNDB-2019-014215 // CNVD: CNVD-2020-02461

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02461

AFFECTED PRODUCTS

vendor: osisoft, model: pi vision, scope: lt, version: 2019

Trust: 2.4

sources: CNVD: CNVD-2020-02461 // JVNDB: JVNDB-2019-014215 // NVD: CVE-2019-18275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18275
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18275
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02461
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-523
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18275
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02461
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18275
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18275
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02461 // JVNDB: JVNDB-2019-014215 // CNNVD: CNNVD-202001-523 // NVD: CVE-2019-18275

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2019-014215 // NVD: CVE-2019-18275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-523

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-523

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014215

PATCH

title: Top Page, url: https://www.osisoft.com/

Trust: 0.8

title: Patch for OSIsoft PI Vision Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/197311

Trust: 0.6

title: OSIsoft LLC PI Vision Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108517

Trust: 0.6

sources: CNVD: CNVD-2020-02461 // JVNDB: JVNDB-2019-014215 // CNNVD: CNNVD-202001-523

EXTERNAL IDS

db: NVD, id: CVE-2019-18275

Trust: 3.0

db: ICS CERT, id: ICSA-20-014-06

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014215

Trust: 0.8

db: CNVD, id: CNVD-2020-02461

Trust: 0.6

db: AUSCERT, id: ESB-2020.0161

Trust: 0.6

db: NSFOCUS, id: 47494

Trust: 0.6

db: CNNVD, id: CNNVD-202001-523

Trust: 0.6

sources: CNVD: CNVD-2020-02461 // JVNDB: JVNDB-2019-014215 // CNNVD: CNNVD-202001-523 // NVD: CVE-2019-18275

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-014-06

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-18275

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18275

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0161/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47494

Trust: 0.6

sources: CNVD: CNVD-2020-02461 // JVNDB: JVNDB-2019-014215 // CNNVD: CNNVD-202001-523 // NVD: CVE-2019-18275

SOURCES

db: CNVD, id: CNVD-2020-02461
db: JVNDB, id: JVNDB-2019-014215
db: CNNVD, id: CNNVD-202001-523
db: NVD, id: CVE-2019-18275

LAST UPDATE DATE

2024-11-23T21:00:01.437000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-02461, date: 2020-01-16T00:00:00
db: JVNDB, id: JVNDB-2019-014215, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-523, date: 2020-10-27T00:00:00
db: NVD, id: CVE-2019-18275, date: 2024-11-21T04:32:57.107

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-02461, date: 2020-01-16T00:00:00
db: JVNDB, id: JVNDB-2019-014215, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-523, date: 2020-01-14T00:00:00
db: NVD, id: CVE-2019-18275, date: 2020-01-15T19:15:13.737