Sign-up

ID

VAR-202007-0028


CVE

CVE-2020-10604


TITLE

OSIsoft PI Data Archive Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009000

DESCRIPTION

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data

Trust: 2.16

sources: NVD: CVE-2020-10604 // JVNDB: JVNDB-2020-009000 // CNVD: CNVD-2020-52466

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52466

AFFECTED PRODUCTS

vendor:osisoftmodel:pi data archivescope:eqversion:2018

Trust: 1.6

vendor:osisoftmodel:pi data archivescope: - version: -

Trust: 0.8

vendor:osisoftmodel:pi data archive sp2scope:eqversion:2018

Trust: 0.6

sources: CNVD: CNVD-2020-52466 // JVNDB: JVNDB-2020-009000 // NVD: CVE-2020-10604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10604
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009000
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-52466
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-687
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-10604
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009000
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52466
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10604
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009000
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52466 // JVNDB: JVNDB-2020-009000 // CNNVD: CNNVD-202005-687 // NVD: CVE-2020-10604

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.8

problemtype:CWE-248

Trust: 1.0

sources: JVNDB: JVNDB-2020-009000 // NVD: CVE-2020-10604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-687

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-687

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009000

PATCH
title:Top Pageurl:https://www.osisoft.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-009000

EXTERNAL IDS
db:NVDid:CVE-2020-10604
Trust: 3.0
db:ICS CERTid:ICSA-20-133-02
Trust: 3.0
db:JVNid:JVNVU94872807
Trust: 0.8
db:JVNDBid:JVNDB-2020-009000
Trust: 0.8
db:CNVDid:CNVD-2020-52466
Trust: 0.6
db:AUSCERTid:ESB-2020.1679
Trust: 0.6
db:CNNVDid:CNNVD-202005-687
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52466 // 
            
            
            
            JVNDB: JVNDB-2020-009000 // 
            
            
            
            CNNVD: CNNVD-202005-687 // 
            
            
            
            NVD: CVE-2020-10604

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-10604
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsa-20-133-02
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10604
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94872807/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1679/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52466 // 
            
            
            
            JVNDB: JVNDB-2020-009000 // 
            
            
            
            CNNVD: CNNVD-202005-687 // 
            
            
            
            NVD: CVE-2020-10604

SOURCES
db:CNVDid:CNVD-2020-52466
db:JVNDBid:JVNDB-2020-009000
db:CNNVDid:CNNVD-202005-687
db:NVDid:CVE-2020-10604

LAST UPDATE DATE
2024-08-14T13:06:53.905000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-52466date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-009000date:2020-10-13T00:00:00
db:CNNVDid:CNNVD-202005-687date:2020-07-27T00:00:00
db:NVDid:CVE-2020-10604date:2022-10-21T17:16:47.677

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-52466date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-009000date:2020-10-13T00:00:00
db:CNNVDid:CNNVD-202005-687date:2020-05-12T00:00:00
db:NVDid:CVE-2020-10604date:2020-07-25T00:15:12.047