CVE-2017-7930
First published: Fri Aug 25 2017(Updated: )
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Data Archive | <=3.4.410.1256 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7930?
CVE-2017-7930 has a severity rating of medium due to its improper authentication issue that can lead to exposure of sensitive data.
How do I fix CVE-2017-7930?
To fix CVE-2017-7930, upgrade your OSIsoft PI Data Archive to version 3.4.410.1256 or later.
What are the potential impacts of CVE-2017-7930?
The potential impacts of CVE-2017-7930 include unauthorized access to change records and server spoofing within a collective.
Which versions of OSIsoft PI Data Archive are affected by CVE-2017-7930?
CVE-2017-7930 affects OSIsoft PI Data Archive versions prior to 3.4.410.1256.
Is there a workaround for CVE-2017-7930 while waiting for a patch?
Currently, there are no documented workarounds for CVE-2017-7930, so upgrading to a fixed version is recommended.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/osisoft
- canonical/osisoft pi data archive
- version/osisoft pi data archive/3.4.410.1256