Rewterz Threat Advisory – CVE-2017-9765 – OSIsoft PI SQL Client Privilege Escalation Vulnerability

Wednesday, September 11, 2019



Analysis Summary

An attacker could exploit this vulnerability in a third-party component to remotely execute code on the client computer with the same permissions as the PI SQL Client user.

Communication with a malicious PI SQL Data Access Server (RTQP Engine) is needed to expose a PI SQL client to this vulnerability.


Privilege access

Affected Vendors


Affected Products

PI SQL Client 2018 (PI SQL Client OLEDB 2018)


OSIsoft recommends users upgrade to PI SQL Client 2018 R2 or later to resolve this issue.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, September 2019 Rewterz Threat Alert – Emotet Revival with Spam Emails Around the World
  • 17, September 2019 Rewterz Threat Advisory – CVE-2016-1409 – Cisco Products IPv6 Neighbor Discovery Crafted Packet Vulnerability
  • 17, September 2019 Rewterz Threat Alert – Phishing Attack Targets The Guardian’s Whistleblowing Site
  • 16, September 2019 Rewterz Threat Alert – InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information

Copyright © Rewterz. All rights reserved.