CVE-2017-9653

moderate-risk
Published 2017-08-14

An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Pi Integrator For Business Analystics
Pi Integrator For Sap Hana
Pi Integrator For Microsoft Azure

Affected Vendors

Osisoft

References (6)

Third Party Advisory http://www.securityfocus.com/bid/100212
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01
Vendor Advisory https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324
Third Party Advisory http://www.securityfocus.com/bid/100212
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01
Vendor Advisory https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 9/34 · Low