CVE-2020-10610

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-10610
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*
cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\/ip:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*
cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*
cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*
History

21 Dec 2021, 12:46

Type Values Removed Values Added
CWE CWE-427 CWE-426
Information

Published : 2020-07-24 23:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-10610

Mitre link : CVE-2020-10610

CVE.ORG link : CVE-2020-10610

JSON object : View

Products Affected

osisoft

  • pi_api
  • pi_data_collection_manager
  • pi_to_ocs
  • pi_connector_relay
  • pi_data_archive
  • pi_connector
  • pi_buffer_subsystem
  • pi_interface_configuration_utility
  • pi_integrator
CWE
CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element