Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0209

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2009-0209
Last Modified 02 Oct 2009 12:00:00
Published 01 Oct 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0209

Summary

PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.

Vulnerable Systems

Application

  • Osisoft Pi Server 2.4

  • Osisoft Pi Server 2.6

  • Osisoft Pi Server 3.4.363.97

  • Osisoft Pi Server 3.4.370

  • Osisoft Pi Server 3.4.375.99


References

BUGTRAQ - 20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness


Last Updated: 27 May 2016 10:50:09