PatchSiren cyber security CVE debrief
CVE-2017-5153 Osisoft CVE debrief
CVE-2017-5153 is an information exposure issue in OSIsoft PI Coresight and PI Web API deployments. According to NVD, affected configurations include PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. The issue can expose service account passwords in server log files, which may enable unauthorized shutdown of affected PI services and possible reuse of domain credentials.
- Vendor: Osisoft
- Product: CVE-2017-5153
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Administrators and operators responsible for OSIsoft PI Coresight or PI Web API deployments, especially environments that use the PI AF Services 2016 R2 integrated install kit. Security teams should also pay attention if service account credentials may have been logged or reused across related services.
Technical summary
NVD classifies the weakness as CWE-532 (Insertion of Sensitive Information into Log File). The vulnerability is described as an information exposure through server log files that may reveal service account passwords for affected services. NVD lists the CVSS v3.0 vector as AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: exploitation requires local access with limited privileges, low attack complexity, and no user interaction, and the impact on confidentiality, integrity, and availability is high if exposed credentials are recovered and misused.
Defensive priority
High. The issue can expose credentials that may be used to disrupt PI services and potentially access broader domain resources, so affected systems should be reviewed promptly for exposure and credential reuse risk.
Recommended defensive actions
- Review the vendor and government advisories referenced by NVD for product-specific remediation guidance.
- Identify affected PI Coresight and PI Web API installations, including deployments using the PI AF Services 2016 R2 integrated install kit.
- Search relevant server logs for any exposed service account passwords or other sensitive credentials.
- Rotate any service account passwords or domain credentials that may have been exposed in logs.
- Restrict access to log files and ensure logging configurations do not record secrets or authentication material.
- Upgrade or otherwise remediate affected installations according to vendor guidance for non-vulnerable versions.
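The log search and secret-redaction steps above can be sketched as follows. This is an added example, not code from OSIsoft, NVD or the original page; the key names, the log line layout and the sample lines are assumptions, because the page does not document the affected log format.

```python
import hashlib
import hmac
import re
import secrets

# Assumed key names; the page does not document the PI log format.
SECRET_KEYS = r"(?:password|passwd|pwd|secret)"
PATTERN = re.compile(
    rf"(?P<key>\b[\w.]*{SECRET_KEYS}\w*)\s*[=:]\s*"
    r"(?P<val>\"[^\"]*\"|'[^']*'|[^\s;,]+)",
    re.IGNORECASE,
)
PLACEHOLDERS = {"", "null", "none", "(null)", "[redacted]"}
RUN_KEY = secrets.token_bytes(32)  # per-run key: tags are useless offline


def _tag(value: str) -> str:
    """Keyed fingerprint so the same secret can be correlated across hits."""
    return hmac.new(RUN_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def scan_lines(lines, source="<memory>"):
    """Return findings as dicts; the secret itself is never included."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in PATTERN.finditer(line):
            val = m.group("val").strip("\"'")
            if val.lower() in PLACEHOLDERS or set(val) <= {"*"}:
                continue  # already masked or empty
            findings.append({"source": source, "line": lineno, "key": m.group("key"),
                             "length": len(val), "tag": _tag(val)})
    return findings


def redact(line: str) -> str:
    """Return the line with matched secret values replaced."""
    return PATTERN.sub(lambda m: f"{m.group('key')}=[REDACTED]", line)


# Constructed sample lines, not real PI Coresight / PI Web API output.
SAMPLE = [
    "2017-01-05 10:02:11 INFO Installer: ServiceAccount=CORP\\svc-pi",
    "2017-01-05 10:02:11 INFO Installer: ServicePassword=Example-Pw-1!",
    "2017-01-05 10:02:12 DEBUG conn: user=svc-pi; pwd='Example-Pw-1!'; timeout=30",
    "2017-01-05 10:02:13 INFO Installer: Password=********",
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE, "sample.log"):
        print(finding)
```

Hits that share a `tag` contain the same secret, which helps scope which accounts need rotation without copying the password into the review report.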
Evidence notes
This debrief is based on the supplied NVD record and its references. NVD states the affected products and versions, the CWE-532 classification, and the CVSS v3.0 vector. NVD also references ICS-CERT advisory ICSA-17-010-01 and SecurityFocus BID 95355 as supporting sources. No KEV listing was supplied.
Official resources
- CVE-2017-5153 CVE record (CVE.org)
- CVE-2017-5153 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Third Party Advisory, VDB Entry)
- Mitigation or vendor reference ([email protected] - Third Party Advisory, US Government Resource)
CVE published by NVD on 2017-02-13T21:59:02.690Z. The record was later modified on 2026-05-13T00:24:29.033Z; that modified timestamp reflects metadata updates, not the original issue date.