Cross-site request forgery in PI Data Archive - CVE-2017-7926
Published: June 15, 2017
Vulnerability identifier: #VU7101
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7926
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OSIsoft
Affected software:
PI Data Archive
Detailed vulnerability description
The vulnerability allows a remote user to perform a CSRF attack.
The weakness exists due to insufficient checking of sent requests. A remote attacker can trick the victim into loading specially crafted HTML, gain access to the affected system and modify information on the target system.
How to mitigate CVE-2017-7926
Update to version 2017 (1.9.0).