CVE-2018-7531

MEDIUM

OSIsoft PI Data Archive < 2017 - Unauthenticated Denial of Service via Custom Request

Title source: llm
STIX 2.1

Description

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103399

Scores

CVSS v3 5.9
EPSS 0.0143
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
osisoft/pi_data_archive 2017 r2
osisoft/pi_data_archive < 2017
Published Mar 14, 2018
Tracked Since Feb 18, 2026