CVE-2018-7529
First published: Wed Mar 14 2018(Updated: )
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Data Archive | <=2017 | |
| OSIsoft PI Data Archive | =2017-r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-7529?
CVE-2018-7529 is classified as a high severity vulnerability due to its potential impact on server stability and security.
How do I fix CVE-2018-7529?
To mitigate CVE-2018-7529, ensure that you upgrade to a version of OSIsoft PI Data Archive that is later than 2017.
Who is affected by CVE-2018-7529?
CVE-2018-7529 affects all versions of OSIsoft PI Data Archive up to and including the 2017 version.
What type of vulnerability is CVE-2018-7529?
CVE-2018-7529 is a deserialization of untrusted data vulnerability that can be exploited by unauthenticated users.
What are the potential consequences of CVE-2018-7529?
Exploitation of CVE-2018-7529 may lead to server crashes, potentially resulting in a denial of service.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/osisoft
- canonical/osisoft pi data archive
- version/osisoft pi data archive/2017
- version/osisoft pi data archive/2017-r2