Main Vulnerability Database SB2017061507

SB2017061507 - CSRF in Allen Disk in OSIsoft PI Web API

Published: June 15, 2017

Security Bulletin ID SB2017061507

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2017-7926)

The vulnerability allows a remote user to perform CSRF attack.

The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading of specially crafted HTML, get access to the affected system and modify information on the target system.

Remediation

Install update from vendor's website.

References

https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00316