#VU7475 Remote code execution in PI ActiveView and PI ProcessBook
Published: July 12, 2017
Vulnerability identifier: #VU7475
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PI ActiveView
PI ProcessBook
PI ActiveView
PI ProcessBook
Software vendor:
OSIsoft
OSIsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The weakness exist due to unknown error. A remote attacker can execute arbitrary code and compromise the vulnerable system.
The weakness exist due to unknown error. A remote attacker can execute arbitrary code and compromise the vulnerable system.
Remediation
Update PI ProcessBook to version 2015 R2 SP1 3.6.1.
Update PI ActiveView to version 2015 R2 SP1 3.6.1.
Update PI ActiveView to version 2015 R2 SP1 3.6.1.