Remote code execution in PI ActiveView and PI ProcessBook - #VU7475
Published: July 12, 2017
Vulnerability identifier: #VU7475
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OSIsoft
Affected software:
PI ActiveView
PI ProcessBook
PI ActiveView
PI ProcessBook
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The weakness exist due to unknown error. A remote attacker can execute arbitrary code and compromise the vulnerable system.
The weakness exist due to unknown error. A remote attacker can execute arbitrary code and compromise the vulnerable system.
Remediation
Update PI ProcessBook to version 2015 R2 SP1 3.6.1.
Update PI ActiveView to version 2015 R2 SP1 3.6.1.
Update PI ActiveView to version 2015 R2 SP1 3.6.1.