Rewterz Threat Advisory – CVE-2017-9765 – OSIsoft PI SQL Client Privilege Escalation Vulnerability

Wednesday, September 11, 2019

Severity

High

Analysis Summary

An attacker could exploit this vulnerability in a third-party component to remotely execute code on the client computer with the same permissions as the PI SQL Client user.

Communication with a malicious PI SQL Data Access Server (RTQP Engine) is needed to expose a PI SQL client to this vulnerability.

Impact

Privilege access

Affected Vendors

OSIsoft LLC

Affected Products

PI SQL Client 2018 (PI SQL Client OLEDB 2018)

Remediation

OSIsoft recommends users upgrade to PI SQL Client 2018 R2 or later to resolve this issue.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, September 2019 Rewterz Threat Alert – Emotet Revival with Spam Emails Around the World
  • 17, September 2019 Rewterz Threat Advisory – CVE-2016-1409 – Cisco Products IPv6 Neighbor Discovery Crafted Packet Vulnerability
  • 17, September 2019 Rewterz Threat Alert – Phishing Attack Targets The Guardian’s Whistleblowing Site
  • 16, September 2019 Rewterz Threat Alert – InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information

Copyright © Rewterz. All rights reserved.