ID

VAR-202007-0033


CVE

CVE-2020-10610


TITLE

Uncontrolled search path element vulnerability in multiple OSIsoft PI System products

Trust: 0.8

sources: JVNDB: JVNDB-2020-009003

DESCRIPTION

In multiple products and versions of OSIsoft PI System, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. Multiple OSIsoft PI System products contain an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-10610 // JVNDB: JVNDB-2020-009003

AFFECTED PRODUCTS

vendor: osisoft, model: pi interface configuration utility, scope: lte, version: 1.5.0.7

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.1.0.10

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.2.0.42

Trust: 1.0

vendor: osisoft, model: pi to ocs, scope: lte, version: 1.1.36.0

Trust: 1.0

vendor: osisoft, model: pi connector relay, scope: lte, version: 2.5.19.0

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.0.0.54

Trust: 1.0

vendor: osisoft, model: pi data collection manager, scope: lte, version: 2.5.19.0

Trust: 1.0

vendor: osisoft, model: pi buffer subsystem, scope: lte, version: 4.8.0.18

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.2.0.6

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.3.0.130

Trust: 1.0

vendor: osisoft, model: pi api, scope: lte, version: 1.6.8.26

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.2.1.71

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.3.1.135

Trust: 1.0

vendor: osisoft, model: pi api, scope: lte, version: 2.0.2.5

Trust: 1.0

vendor: osisoft, model: pi data archive, scope: lte, version: 3.4.430.460

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.2.2.79

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.3.0.1

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.4.0.17

Trust: 1.0

vendor: osisoft, model: pi integrator, scope: lte, version: 2.2.0.183

Trust: 1.0

vendor: osisoft, model: pi connector, scope: lte, version: 1.5.0.88

Trust: 1.0

vendor: osisoft, model: pi api, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi buffer subsystem, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi connector, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi connector relay, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi data archive, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi data collection manager, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi integrator for business analytics, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi interface configuration utility, scope: -, version: -

Trust: 0.8

vendor: osisoft, model: pi to ocs, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009003 // NVD: CVE-2020-10610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10610
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009003
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-697
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-10610
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009003
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10610
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009003
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-009003 // CNNVD: CNNVD-202005-697 // NVD: CVE-2020-10610

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

problemtype:CWE-426

Trust: 1.0

sources: JVNDB: JVNDB-2020-009003 // NVD: CVE-2020-10610

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-697

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-697

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009003

PATCH

title: Top Page, url: https://www.osisoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-009003

EXTERNAL IDS

db: ICS CERT, id: ICSA-20-133-02

Trust: 2.4

db: NVD, id: CVE-2020-10610

Trust: 2.4

db: JVN, id: JVNVU94872807

Trust: 0.8

db: JVNDB, id: JVNDB-2020-009003

Trust: 0.8

db: AUSCERT, id: ESB-2020.1679

Trust: 0.6

db: CNNVD, id: CNNVD-202005-697

Trust: 0.6

sources: JVNDB: JVNDB-2020-009003 // CNNVD: CNNVD-202005-697 // NVD: CVE-2020-10610

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10610

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10610

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94872807/

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-20-133-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1679/

Trust: 0.6

sources: JVNDB: JVNDB-2020-009003 // CNNVD: CNNVD-202005-697 // NVD: CVE-2020-10610

SOURCES

db: JVNDB, id: JVNDB-2020-009003
db: CNNVD, id: CNNVD-202005-697
db: NVD, id: CVE-2020-10610

LAST UPDATE DATE

2024-11-23T19:31:47.218000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-009003, date: 2020-10-13T00:00:00
db: CNNVD, id: CNNVD-202005-697, date: 2021-12-22T00:00:00
db: NVD, id: CVE-2020-10610, date: 2024-11-21T04:55:41.690

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-009003, date: 2020-10-13T00:00:00
db: CNNVD, id: CNNVD-202005-697, date: 2020-05-12T00:00:00
db: NVD, id: CVE-2020-10610, date: 2020-07-24T23:15:11.940