← Back

CVE-2020-10606

nvd nist
Published: Jul 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.

Affected (20)

Osisoft
9 products
Pi Api
Pi Buffer Subsystem
Pi Connector
Pi Connector Relay
Pi Data Archive
Pi Data Collection Manager
Pi Integrator
Pi Interface Configuration Utility
Pi To Ocs
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Osisoft
Pi Api
Up to 1.6.8.26
Pi Api
Up to 2.0.2.5
Pi Buffer Subsystem
Up to 4.8.0.18
Osisoft
Pi Connector
Up to 1.2.0.6
Pi Connector
Up to 1.4.0.17
Pi Connector
Up to 1.2.0.42
Pi Connector
Up to 1.1.0.10
Pi Connector
Up to 1.3.0.1
Pi Connector
Up to 1.2.2.79
Pi Connector
Up to 1.3.0.130
Pi Connector
Up to 1.0.0.54
Pi Connector
Up to 1.2.1.71
Pi Connector
Up to 1.3.1.135
Pi Connector
Up to 1.5.0.88
Pi Connector Relay
Up to 2.5.19.0
Pi Data Archive
Up to 3.4.430.460
Pi Data Collection Manager
Up to 2.5.19.0
Pi Integrator
Up to 2.2.0.183
Pi Interface Configuration Utility
Up to 1.5.0.7
Pi To Ocs
Up to 1.1.36.0

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.