Details of VAR-202007-0022

ID

VAR-202007-0022

CVE

CVE-2020-10600

TITLE

PI Data Archive In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008998

DESCRIPTION

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data

Trust: 2.16

sources: NVD: CVE-2020-10600 // JVNDB: JVNDB-2020-008998 // CNVD: CNVD-2020-52464

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52464

AFFECTED PRODUCTS

vendor:	osisoft	model:	pi data archive	scope:	lte	version:	2019	Trust: 1.0
vendor:	osisoft	model:	pi data archive	scope:	eq	version:	2018 sp2	Trust: 0.8
vendor:	osisoft	model:	pi data archive sp2	scope:	lte	version:	<=2018	Trust: 0.6

sources: CNVD: CNVD-2020-52464 // JVNDB: JVNDB-2020-008998 // NVD: CVE-2020-10600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10600
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-10600
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-008998
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-52464
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-677
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-10600
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008998
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-52464
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-10600
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-10600
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-008998
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-52464 // JVNDB: JVNDB-2020-008998 // CNNVD: CNNVD-202005-677 // NVD: CVE-2020-10600 // NVD: CVE-2020-10600

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2020-008998 // NVD: CVE-2020-10600

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-677

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008998

PATCH

title:

Top Page

url:

https://www.osisoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-008998

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-20-133-02	Trust: 3.0
db:	NVD	id:	CVE-2020-10600	Trust: 3.0
db:	JVN	id:	JVNVU94872807	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-008998	Trust: 0.8
db:	CNVD	id:	CNVD-2020-52464	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1679	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-677	Trust: 0.6

sources: CNVD: CNVD-2020-52464 // JVNDB: JVNDB-2020-008998 // CNNVD: CNNVD-202005-677 // NVD: CVE-2020-10600

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10600	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-20-133-02	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10600	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu94872807/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1679/	Trust: 0.6

sources: CNVD: CNVD-2020-52464 // JVNDB: JVNDB-2020-008998 // CNNVD: CNNVD-202005-677 // NVD: CVE-2020-10600

SOURCES

db:	CNVD	id:	CNVD-2020-52464
db:	JVNDB	id:	JVNDB-2020-008998
db:	CNNVD	id:	CNNVD-202005-677
db:	NVD	id:	CVE-2020-10600

LAST UPDATE DATE

2024-11-23T20:40:47.196000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52464	date:	2020-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-008998	date:	2020-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202005-677	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2020-10600	date:	2024-11-21T04:55:40.547

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52464	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008998	date:	2020-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202005-677	date:	2020-05-12T00:00:00
db:	NVD	id:	CVE-2020-10600	date:	2020-07-24T23:15:11.690