← Back

CVE-2020-10610

nvd nist
Published: Jul 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.

Affected (20)

Osisoft
9 products
Pi Api
Pi Buffer Subsystem
Pi Connector
Pi Connector Relay
Pi Data Archive
Pi Data Collection Manager
Pi Integrator
Pi Interface Configuration Utility
Pi To Ocs
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Osisoft
Pi Api
Up to 1.6.8.26
Pi Api
Up to 2.0.2.5
Pi Buffer Subsystem
Up to 4.8.0.18
Osisoft
Pi Connector
Up to 1.2.0.6
Pi Connector
Up to 1.4.0.17
Pi Connector
Up to 1.2.0.42
Pi Connector
Up to 1.1.0.10
Pi Connector
Up to 1.3.0.1
Pi Connector
Up to 1.2.2.79
Pi Connector
Up to 1.3.0.130
Pi Connector
Up to 1.0.0.54
Pi Connector
Up to 1.2.1.71
Pi Connector
Up to 1.3.1.135
Pi Connector
Up to 1.5.0.88
Pi Connector Relay
Up to 2.5.19.0
Pi Data Archive
Up to 3.4.430.460
Pi Data Collection Manager
Up to 2.5.19.0
Pi Integrator
Up to 2.2.0.183
Pi Interface Configuration Utility
Up to 1.5.0.7
Pi To Ocs
Up to 1.1.36.0

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.