Main Vulnerability Database Vulnerabilities #VU7474

#VU7474 Cross-site request forgery in PI Coresight - CVE-2017-9641

Published: July 12, 2017

Vulnerability identifier: #VU7474

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-9641

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PI Coresight

Software vendor:
OSIsoft

Description

The vulnerability allows a remote authenticated attacker to perform CSRF attack.

The weakness exists due to insufficient checking of the sent requests. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the PI system and perform arbitrary actions.

Remediation

Update to PI Vision 2017.

External links

https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00320

#VU7474 Cross-site request forgery in PI Coresight - CVE-2017-9641

Description

Remediation

External links

Please verify you're human