Lucene search
CertccCVE-2009-0209HistoryOct 01, 2009 - 3:30 p.m.
CVE-2009-0209
2009-10-0115:30:00
CWE-310
certcc
web.nvd.nist.gov
26
cve-2009-0209
pi server
osisoft
pi system
encryption
authentication
remote attackers
databases
nvd
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
56.3%
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.
Affected configurations
Node
osisoftpi_serverRange≤3.4.375.99sp232bit_windows
ORosisoftpi_serverMatch2.4
ORosisoftpi_serverMatch2.6
ORosisoftpi_serverMatch3.4.363.97
ORosisoftpi_serverMatch3.4.370
ORosisoftpi_serverMatch3.4.375.99sp264bit_windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| osisoft | pi_server | * | cpe:2.3:a:osisoft:pi_server:*:sp2:32bit_windows:*:*:*:*:* |
| osisoft | pi_server | 2.4 | cpe:2.3:a:osisoft:pi_server:2.4:*:*:*:*:*:*:* |
| osisoft | pi_server | 2.6 | cpe:2.3:a:osisoft:pi_server:2.6:*:*:*:*:*:*:* |
| osisoft | pi_server | 3.4.363.97 | cpe:2.3:a:osisoft:pi_server:3.4.363.97:*:*:*:*:*:*:* |
| osisoft | pi_server | 3.4.370 | cpe:2.3:a:osisoft:pi_server:3.4.370:*:*:*:*:*:*:* |
| osisoft | pi_server | 3.4.375.99 | cpe:2.3:a:osisoft:pi_server:3.4.375.99:sp2:64bit_windows:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2009-10-01 15:30:00
cvelist
cvelist
CVE-2009-0209
2009-10-01 15:00:00
cert
cert
OSIsoft PI Server provides an insecure authentication mechanism
2010-11-19 00:00:00
nvd
nvd
CVE-2009-0209
2009-10-01 15:30:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
56.3%
Related for CVE-2009-0209