CVE-2017-9641

PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
osisoftpi_coresight
𝑥
≤ 2016-r2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99540
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-04
https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00320
http://www.securityfocus.com/bid/99540
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-04
https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00320