Lucene search
HistoryOct 01, 2009 - 3:30 p.m.
CVE-2009-0209
cve-2009-0209
pi server
osisoft
pi system
encryption
authentication
remote attackers
databases
nvd
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.
Affected configurations
Node
osisoftpi_serverRange≤3.4.375.99sp232bit_windows
ORosisoftpi_serverMatch2.4
ORosisoftpi_serverMatch2.6
ORosisoftpi_serverMatch3.4.363.97
ORosisoftpi_serverMatch3.4.370
ORosisoftpi_serverMatch3.4.375.99sp264bit_windows
Related
prion
prion
Authentication flaw
2009-10-01 15:30:00
cvelist
cvelist
CVE-2009-0209
2009-10-01 15:00:00
cert
cert
OSIsoft PI Server provides an insecure authentication mechanism
2010-11-19 00:00:00
nvd
nvd
CVE-2009-0209
2009-10-01 15:30:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
Related for CVE-2009-0209