SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-272043588] OSIsoft PI Server 2017

Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature
2017-06-13 | Other | OSIsoft | OSIsoft self-disclosed these vulnerabilities. | N/A | CVE-2017-7930, CVE-2017-7934 | N/A | N/A | N/A

Source

#
# OSIsoft PI Server 2017
#


### VULNERABLE VENDOR
OSIsoft


### VULNERABLE PRODUCT
PI Server 2017



### RESEARCHER
OSIsoft self-disclosed these vulnerabilities.



### AFFECTED PRODUCTS

OSIsoft reports that the vulnerabilities affect the following PI Server products:

PI Data Archive versions prior to 2017.



### IMPACT

Successful exploitation of these vulnerabilities could allow an attacker to spoof a PI Server or cause undefined behavior within the PI Network Manager.



### VULNERABILITY OVERVIEW

IMPROPER AUTHENTICATION CWE-287
PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.
CVE-2017-7930 has been assigned to this vulnerability.
OSIsoft calculated a CVSS v3 base score of 8.9; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L)


IMPROPER AUTHENTICATION CWE-287
PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner.
CVE-2017-7934 has been assigned to this vulnerability.
OSIsoft calculated a CVSS v3 base score of 5.9; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)





### BACKGROUND

Critical Infrastructure Sectors: Multiple Sectors
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States




### MITIGATION

OSIsoft recommends that users upgrade to PI Data Archive 2017. There is more detail in the "Security Information and Guidance" section of the release notes on the OSIsoft web page (user account required):

https://techsupport.osisoft.com/Downloads/File/bd5c24f2-4937-45e6-aaa5-939d6208f5fc


OSIsoft recommends users run the PI Data Archive on a secured internal control or corporate network. For a starting point on PI System security best practices, see Knowledge Base Article KB00833 - Seven best practices for securing your PI Server on the OSIsoft web page:

https://techsupport.osisoft.com/Troubleshooting/KB/KB00833


Please see Security Bulletin AL00315 on the OSIsoft web page for more information about this issue:

https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00315