Rewterz Threat Advisory – CVE-2017-9765 – OSIsoft PI SQL Client Privilege Escalation Vulnerability

Wednesday, September 11, 2019



Analysis Summary

An attacker could exploit this vulnerability in a third-party component to remotely execute code on the client computer with the same permissions as the PI SQL Client user.

Communication with a malicious PI SQL Data Access Server (RTQP Engine) is needed to expose a PI SQL client to this vulnerability.


Privilege access

Affected Vendors


Affected Products

PI SQL Client 2018 (PI SQL Client OLEDB 2018)


OSIsoft recommends users upgrade to PI SQL Client 2018 R2 or later to resolve this issue.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 23, February 2020 Rewterz Threat Advisory – CVE-2019-16028 – Cisco Firepower Management Center
  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 3, February 2020 Rewterz Threat Alert – Iranian Campaign Tailored to US Companies Introduces TONEDEAF 2.0
  • 3, February 2020 Rewterz Threat Alert – Spamhaus Phishing Scam Delivers Ursnif Malware

Copyright © Rewterz. All rights reserved.