mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
145 lines
4.0 KiB
JSON
145 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2018-7500",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2018-03-14T18:29:00.500",
|
|
"lastModified": "2019-10-09T23:42:20.003",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha descubierto un problema de permisos, privilegios y controles de acceso en OSIsoft PI Web API, versiones 2017 R2 y anteriores. Se podr\u00eda escalar privilegios, lo que dar\u00eda a los atacantes acceso al sistema PI mediante la cuenta de servicio."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2017",
|
|
"matchCriteriaId": "6DB7BD82-102C-4102-8786-4C47832B3C79"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:osisoft:pi_web_api:2017:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9E98E223-7747-483D-B7A9-5DD9BE1B4626"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:osisoft:pi_vision:2017:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "54E097BD-B6A5-4153-BC11-268AF90588A3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/103396",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Mitigation",
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |