{"containers": {"cna": {"affected": [{"product": "PI System software", "vendor": "OSIsoft", "versions": [{"status": "affected", "version": "Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0"}, {"status": "affected", "version": "Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6"}, {"status": "affected", "version": "PI Buffer Subsystem, versions prior to and including, Version 4.4"}, {"status": "affected", "version": "PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64."}]}], "datePublic": "2016-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-437", "description": "Incomplete model of enpoint features CWE-437", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-04T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03"}, {"name": "94165", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94165"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2016-10-11T00:00:00", "ID": "CVE-2016-8365", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PI System software", "version": {"version_data": [{"version_value": "Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0"}, {"version_value": "Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6"}, {"version_value": "PI Buffer Subsystem, versions prior to and including, Version 4.4"}, {"version_value": "PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64."}]}}]}, "vendor_name": "OSIsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incomplete model of enpoint features CWE-437"}]}]}, "references": {"reference_data": [{"name": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308", "refsource": "CONFIRM", "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03"}, {"name": "94165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94165"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:30.968Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03"}, {"name": "94165", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94165"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8365", "datePublished": "2018-04-03T14:00:00Z", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-09-16T16:58:56.438Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osisoft:pi_af_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA643EA-A95B-4444-971A-EDB0E533BBFB", "versionEndExcluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", "matchCriteriaId": "9036F577-4915-4DF5-A7BA-E79AFE4CCD9C", "versionEndExcluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:2016:*:*:*", "matchCriteriaId": "C57078BD-6694-4886-8859-EAC579E2B764", "versionEndExcluding": "3.4.400.1162", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_sdk:*:*:*:*:2016:*:*:*", "matchCriteriaId": "FE61884E-9FC3-4DA7-8FBB-63CA74F7CD86", "versionEndExcluding": "1.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)"}, {"lang": "es", "value": "El software OSIsoft PI System, en aplicaciones que emplean PI Asset Framework (AF) Client en versiones anteriores a PI AF Client 2016 2.8.0; aplicaciones que emplean PI Software Development Kit (SDK) en versiones anteriores a PI SDK 2016 1.4.6; PI Buffer Subsystem, en versiones anteriores a (e incluyendo) 4.4; y PI Data Archive en versiones anteriores a PI Data Archive 2015 3.4.395.64, opera entre endpoints sin un modelo completo de caracter\u00edsticas de endpoint. Esto podr\u00eda provocar que el producto realice acciones basado en este modelo incompleto, desembocando en una denegaci\u00f3n de servicio. OSIsoft informa que, para explotar esta vulnerabilidad, un atacante necesitar\u00eda estar conectado localmente a un servidor. Se ha calculado una puntuaci\u00f3n CVSS v3 base de 7.1; la cadena de vector CVSS es (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)."}], "id": "CVE-2016-8365", "lastModified": "2019-10-09T23:19:57.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-03T14:29:00.247", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94165"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00308"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-437"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}