CVE-2018-7500
First published: Wed Mar 14 2018(Updated: )
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Web API | <=2017 | |
| OSIsoft PI Web API | =2017-r2 | |
| OSIsoft PI Vision | =2017-r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7500?
CVE-2018-7500 is a Permissions, Privileges, and Access Controls issue in OSIsoft PI Web API versions 2017 R2 and prior that allows attackers to escalate privileges and gain access to the PI System.
What is the severity of CVE-2018-7500?
CVE-2018-7500 has a severity rating of 9.8 (Critical).
How can attackers exploit CVE-2018-7500?
Attackers can exploit CVE-2018-7500 by escalating privileges and gaining access to the PI System via the service account.
Which software versions are affected by CVE-2018-7500?
OSIsoft PI Web API versions 2017 R2 and prior are affected by CVE-2018-7500.
How can I fix CVE-2018-7500?
To fix CVE-2018-7500, it is recommended to upgrade to a version of OSIsoft PI Web API that is not affected by the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/osisoft
- canonical/osisoft pi web api
- version/osisoft pi web api/2017
- version/osisoft pi web api/2017-r2
- canonical/osisoft pi vision
- version/osisoft pi vision/2017-r2