← Back

CVE-2020-10608

nvd nist
Published: Jul 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.

Affected (20)

Osisoft
9 products
Pi Api
Pi Buffer Subsystem
Pi Connector
Pi Connector Relay
Pi Data Archive
Pi Data Collection Manager
Pi Integrator
Pi Interface Configuration Utility
Pi To Ocs
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Osisoft
Pi Api
Up to 1.6.8.26
Pi Api
Up to 2.0.2.5
Pi Buffer Subsystem
Up to 4.8.0.18
Osisoft
Pi Connector
Up to 1.2.0.6
Pi Connector
Up to 1.4.0.17
Pi Connector
Up to 1.2.0.42
Pi Connector
Up to 1.1.0.10
Pi Connector
Up to 1.3.0.1
Pi Connector
Up to 1.2.2.79
Pi Connector
Up to 1.3.0.130
Pi Connector
Up to 1.0.0.54
Pi Connector
Up to 1.2.1.71
Pi Connector
Up to 1.3.1.135
Pi Connector
Up to 1.5.0.88
Pi Connector Relay
Up to 2.5.19.0
Pi Data Archive
Up to 3.4.430.460
Pi Data Collection Manager
Up to 2.5.19.0
Pi Integrator
Up to 2.2.0.183
Pi Interface Configuration Utility
Up to 1.5.0.7
Pi To Ocs
Up to 1.1.36.0

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.