CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet/ip:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*
cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*
cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*
cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*
cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*
cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*

Information

Published : 2020-07-24 11:15

Updated : 2021-12-21 12:46


NVD link : CVE-2020-10610

Mitre link : CVE-2020-10610

Products Affected
No products.
CWE
CWE-426

Untrusted Search Path