Key Vulnerability Information

Vulnerability Name: OSIsoft PI Web API 2017
CVSS v3 Rating: 7.1
Risk Level: Remotely exploitable/low skill level to exploit
Affected Products: PI Web API versions prior to 2017 (1.9.0)
Vulnerability Type: Cross-Site Request Forgery (CSRF)

Impact:
- An attacker can gain access to the PI System using a legitimate client user's privileges.
- If the client user has sufficient access to write data, data alteration is possible.

Mitigation:
- Upgrade to PI Web API version 2017 (1.9.0) and enable CSRF defense.
- Set the 'EnableCSRFDefense' attribute to 'True' in the PI Web API System Configuration.
- Follow recommended practices for control systems security and intrusion detection and mitigation.

Vulnerability Overview:
- Cross-Site Request Forgery (CWE-352)
- CVE-2017-7926
- CVSS v3 base score: 7.1

Researcher: OSIsoft

Background:
- Critical Infrastructure Sectors: Multiple Sectors
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States