What is the severity of CVE-2009-0209?

CVE-2009-0209 is considered to have a moderate severity level due to the potential for unauthorized access to databases.

How do I fix CVE-2009-0209?

To fix CVE-2009-0209, it is recommended to upgrade to the latest version of the OSIsoft PI Server that addresses encryption issues in authentication.

What versions of OSIsoft PI Server are affected by CVE-2009-0209?

CVE-2009-0209 affects several versions of OSIsoft PI Server prior to 3.4.380.x, including versions 2.4, 2.6, 3.4.363.97, and 3.4.375.99.

What types of attacks can CVE-2009-0209 facilitate?

CVE-2009-0209 can facilitate attacks that allow remote attackers to read or modify information in databases due to insufficient encryption.

Is there any workaround for CVE-2009-0209?

There are no recommended workarounds for CVE-2009-0209; the best course of action is to upgrade to a secure version.

Vulnerability/
CVE-2009-0209

medium

6.4

CWE

310

1/10/2009

11/10/2018

CVE-2009-0209

First published: Thu Oct 01 2009(Updated: )

PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Osisoft Pi Server	=3.4.363.97
Osisoft Pi Server	=3.4.375.99-sp2
Osisoft Pi Server	=3.4.370
Osisoft Pi Server	<=3.4.375.99
Osisoft Pi Server	=2.6
Osisoft Pi Server	=2.4

Never miss a vulnerability like this again

Reference Links

http://www.securityfocus.com/archive/1/506826/100/0/threaded

Frequently Asked Questions

What is the severity of CVE-2009-0209?
CVE-2009-0209 is considered to have a moderate severity level due to the potential for unauthorized access to databases.
How do I fix CVE-2009-0209?
To fix CVE-2009-0209, it is recommended to upgrade to the latest version of the OSIsoft PI Server that addresses encryption issues in authentication.
What versions of OSIsoft PI Server are affected by CVE-2009-0209?
CVE-2009-0209 affects several versions of OSIsoft PI Server prior to 3.4.380.x, including versions 2.4, 2.6, 3.4.363.97, and 3.4.375.99.
What types of attacks can CVE-2009-0209 facilitate?
CVE-2009-0209 can facilitate attacks that allow remote attackers to read or modify information in databases due to insufficient encryption.
Is there any workaround for CVE-2009-0209?
There are no recommended workarounds for CVE-2009-0209; the best course of action is to upgrade to a secure version.

collector/nvd-historical
collector/nvd-index
agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
vendor/osisoft
canonical/osisoft pi server
version/osisoft pi server/3.4.363.97
version/osisoft pi server/3.4.375.99-sp2
version/osisoft pi server/3.4.370
version/osisoft pi server/3.4.375.99
version/osisoft pi server/2.6
version/osisoft pi server/2.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.