What is the severity of CVE-2019-18244?

CVE-2019-18244 has been classified as a moderate severity vulnerability.

How do I fix CVE-2019-18244?

To fix CVE-2019-18244, update the affected OSIsoft products to the latest version provided by the vendor.

What products are affected by CVE-2019-18244?

CVE-2019-18244 affects multiple versions of OSIsoft PI Vision and several applications using PI SDK, PI API, and various PI Connectors.

Can CVE-2019-18244 be exploited remotely?

CVE-2019-18244 requires local access to the system, as it is related to sensitive information in log files.

What type of information can be exposed by CVE-2019-18244?

CVE-2019-18244 can expose sensitive information stored in log files due to improper handling of service accounts during installation or upgrade.

Vulnerability/
CVE-2019-18244

medium

5.1

CWE

532

15/1/2020

5/8/2024

CVE-2019-18244

First published: Wed Jan 15 2020(Updated: )

In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
OSIsoft PI Asset Framework (AF) Client
OSIsoft PI Software Development Kit (SDK)
OSIsoft PI API
OSIsoft PI API
OSIsoft PI Buffer Subsystem
OSIsoft PI Connector for BACnet
OSIsoft PI Connector for CygNet
OSIsoft PI Connector for DC Systems RTscada
OSIsoft PI Connector for Ethernet/IP
OSIsoft
OSIsoft PI Connector for Ping
OSIsoft PI Connector for Wonderware Historian
OSIsoft PI Connector Relay
OSIsoft PI Data Archive
OSIsoft PI Data Collection Manager
OSIsoft PI Integrator for Business Analytics
OSIsoft PI Interface Configuration Utility
OSIsoft PI to OCS
OSIsoft	=2017-r2
OSIsoft	=2017-r2_sp1
OSIsoft	=2019

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-133-02

Frequently Asked Questions

What is the severity of CVE-2019-18244?
CVE-2019-18244 has been classified as a moderate severity vulnerability.
How do I fix CVE-2019-18244?
To fix CVE-2019-18244, update the affected OSIsoft products to the latest version provided by the vendor.
What products are affected by CVE-2019-18244?
CVE-2019-18244 affects multiple versions of OSIsoft PI Vision and several applications using PI SDK, PI API, and various PI Connectors.
Can CVE-2019-18244 be exploited remotely?
CVE-2019-18244 requires local access to the system, as it is related to sensitive information in log files.
What type of information can be exposed by CVE-2019-18244?
CVE-2019-18244 can expose sensitive information stored in log files due to improper handling of service accounts during installation or upgrade.

agent/type
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/osisoft
canonical/osisoft pi asset framework (af) client
canonical/osisoft pi software development kit (sdk)
canonical/osisoft pi api
canonical/osisoft pi buffer subsystem
canonical/osisoft pi connector for bacnet
canonical/osisoft pi connector for cygnet
canonical/osisoft pi connector for dc systems rtscada
canonical/osisoft pi connector for ethernet/ip
canonical/osisoft
canonical/osisoft pi connector for ping
canonical/osisoft pi connector for wonderware historian
canonical/osisoft pi connector relay
canonical/osisoft pi data archive
canonical/osisoft pi data collection manager
canonical/osisoft pi integrator for business analytics
canonical/osisoft pi interface configuration utility
canonical/osisoft pi to ocs
version/osisoft/2017-r2
version/osisoft/2017-r2_sp1
version/osisoft/2019