What is the severity of CVE-2017-5153?

CVE-2017-5153 has a severity rating that indicates a moderate risk primarily related to information exposure.

How do I fix CVE-2017-5153?

To fix CVE-2017-5153, you should upgrade to a version of OSIsoft PI Coresight or PI Web API later than 2016 R2 that addresses the vulnerability.

What is the impact of CVE-2017-5153?

The impact of CVE-2017-5153 includes potential unauthorized access to service account passwords through server log files.

Which versions are affected by CVE-2017-5153?

CVE-2017-5153 affects OSIsoft PI Coresight versions up to and including 2016 R2 and PI Web API version 2016 R2.

Who should be concerned about CVE-2017-5153?

Organizations using OSIsoft PI Coresight or PI Web API versions up to 2016 R2 should be concerned about CVE-2017-5153.

Vulnerability/
CVE-2017-5153

high

7.8

CWE

532

13/2/2017

5/8/2024

CVE-2017-5153

First published: Mon Feb 13 2017(Updated: )

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
OSIsoft PI Coresight	<=2016-r2
AVEVA PI Web API	=2016-r2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-5153?
CVE-2017-5153 has a severity rating that indicates a moderate risk primarily related to information exposure.
How do I fix CVE-2017-5153?
To fix CVE-2017-5153, you should upgrade to a version of OSIsoft PI Coresight or PI Web API later than 2016 R2 that addresses the vulnerability.
What is the impact of CVE-2017-5153?
The impact of CVE-2017-5153 includes potential unauthorized access to service account passwords through server log files.
Which versions are affected by CVE-2017-5153?
CVE-2017-5153 affects OSIsoft PI Coresight versions up to and including 2016 R2 and PI Web API version 2016 R2.
Who should be concerned about CVE-2017-5153?
Organizations using OSIsoft PI Coresight or PI Web API versions up to 2016 R2 should be concerned about CVE-2017-5153.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/osisoft
canonical/osisoft pi coresight
version/osisoft pi coresight/2016-r2
canonical/aveva pi web api
version/aveva pi web api/2016-r2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.