Rewterz Threat Advisory – CVE-2017-9765 – OSIsoft PI SQL Client Privilege Escalation Vulnerability

Wednesday, September 11, 2019

Severity

High

Analysis Summary

An attacker could exploit this vulnerability in a third-party component to remotely execute code on the client computer with the same permissions as the PI SQL Client user.

Communication with a malicious PI SQL Data Access Server (RTQP Engine) is needed to expose a PI SQL client to this vulnerability.

Impact

Privilege access

Affected Vendors

OSIsoft LLC

Affected Products

PI SQL Client 2018 (PI SQL Client OLEDB 2018)

Remediation

OSIsoft recommends users upgrade to PI SQL Client 2018 R2 or later to resolve this issue.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 23, February 2020 Rewterz Threat Advisory – CVE-2019-16028 – Cisco Firepower Management Center
  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 3, February 2020 Rewterz Threat Alert – Iranian Campaign Tailored to US Companies Introduces TONEDEAF 2.0
  • 3, February 2020 Rewterz Threat Alert – Spamhaus Phishing Scam Delivers Ursnif Malware

Copyright © Rewterz. All rights reserved.