CVE-2017-5153 is an information exposure issue in OSIsoft PI Coresight and PI Web API deployments. According to NVD, affected configurations include PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. The issue can expose service account passwords in server log files, which may enable unauthorized shutdown of affected PI services [truncated]
CVE-2016-8353 describes an access-control weakness in OSIsoft PI Web API 2015 R2 (version 1.5.1). According to the published record, an attacker may be able to access PI system resources without the proper permissions. NVD rates the issue as CVSS 3.0 6.4 (medium) with network access, low attack complexity, and low privileges required.