CVE-2020-10600

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).

CVSS v3 7.1 HIGH
CVSS v2.0 4.9 MEDIUM

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-24 23:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-10600

Mitre link : CVE-2020-10600

CVE.ORG link : CVE-2020-10600

JSON object : View

Products Affected

osisoft

pi_data_archive

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2020-10600", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2020-07-24T23:15:11.690", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions)."}, {"lang": "es", "value": "Un atacante remoto autentificado podr\u00eda bloquear PI Archive Subsystem cuando el subsistema funciona bajo la presi\u00f3n de la memoria. Esto puede resultar en el bloqueo de consultas a PI Data Archive (versi\u00f3n 2018 SP2 y versiones anteriores)"}], "lastModified": "2020-08-05T17:39:30.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D3BC4ED-2C51-493F-8CBE-5D053B977517", "versionEndIncluding": "2019"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}