Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OSIsoft PI AF和PI SQL for AF 安全漏洞
Vulnerability Description
OSIsoft PI AF(Asset Framework)是美国OSIsoft公司的一套可为资产定义一致的呈现方式并提供结构化信息的资产框架,它支持将资产属性与关系数据库进行关联、基于资产的数据分析和应用计算等。PI SQL for AF是其中的一个SQL访问接口。 OSIsoft PI AF 2.6版本和2.7版本和PI SQL for AF 2.1.2.19版本中存在安全漏洞,该漏洞源于程序向PI SQL(AF)Trusted Users组插入Everyone账户。远程攻击者可借助SQL语句利用该漏
CVSS Information
N/A
Vulnerability Type
N/A