7.8

CVE-2018-7533

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OsisoftPi Data Archive Version <= 2017
OsisoftPi Data Archive Version2017 Updater2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.079
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

http://www.securityfocus.com/bid/103399
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02
Third Party Advisory
US Government Resource