CVE-2020-10602: Null Pointer Dereference
First published: Fri Jul 24 2020(Updated: )
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PI Data Archive | =2018 | |
| PI Data Archive | =2018-sp2 | |
| OSIsoft Applications using PI Asset Framework (AF) Client versions prior to and including PI AF Client 2018 SP3 Patch 1, Version 2.10.7.283 | ||
| OSIsoft Applications using PI Software Development Kit (SDK) versions prior to and including PI SDK 2018 SP1, Version 1.4.7.602 | ||
| OSIsoft PI API for Windows Integrated Security versions prior to and including 2.0.2.5, | ||
| OSIsoft PI API versions prior to and including 1.6.8.26 | ||
| OSIsoft PI Buffer Subsystem versions prior to and including 4.8.0.18 | ||
| OSIsoft PI Connector for BACnet, versions prior to and including 1.2.0.6 | ||
| OSIsoft PI Connector for CygNet, versions prior to and including 1.4.0.17 | ||
| OSIsoft PI Connector for DC Systems RTscada, versions prior to and including 1.2.0.42 | ||
| OSIsoft PI Connector for Ethernet/IP, versions prior to and including 1.1.0.10 | ||
| OSIsoft PI Connector for HART-IP, versions prior to and including 1.3.0.1 | ||
| OSIsoft PI Connector for Ping, versions prior to and including 1.0.0.54 | ||
| OSIsoft PI Connector for Wonderware Historian, versions prior to and including 1.5.0.88 | ||
| OSIsoft PI Connector Relay, versions prior to and including 2.5.19.0 | ||
| OSIsoft PI Data Archive versions prior to and including PI Data Archive 2018 SP3, Version 3.4.430.460 | ||
| OSIsoft PI Data Collection Manager, versions prior to and including 2.5.19.0 | ||
| OSIsoft PI Integrator for Business Analytics versions prior to and including 2018 R2 SP1, Version 2.2.0.183 | ||
| OSIsoft PI Interface Configuration Utility (ICU) versions prior to and including 1.5.0.7 | ||
| OSIsoft PI to OCS versions prior to and including 1.1.36.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/pi
- canonical/pi data archive
- version/pi data archive/2018
- version/pi data archive/2018-sp2
- vendor/osisoft
- canonical/osisoft applications using pi asset framework (af) client versions prior to and including pi af client 2018 sp3 patch 1, version 2.10.7.283
- canonical/osisoft applications using pi software development kit (sdk) versions prior to and including pi sdk 2018 sp1, version 1.4.7.602
- canonical/osisoft pi api for windows integrated security versions prior to and including 2.0.2.5,
- canonical/osisoft pi api versions prior to and including 1.6.8.26
- canonical/osisoft pi buffer subsystem versions prior to and including 4.8.0.18
- canonical/osisoft pi connector for bacnet, versions prior to and including 1.2.0.6
- canonical/osisoft pi connector for cygnet, versions prior to and including 1.4.0.17
- canonical/osisoft pi connector for dc systems rtscada, versions prior to and including 1.2.0.42
- canonical/osisoft pi connector for ethernet/ip, versions prior to and including 1.1.0.10
- canonical/osisoft pi connector for hart-ip, versions prior to and including 1.3.0.1
- canonical/osisoft pi connector for ping, versions prior to and including 1.0.0.54
- canonical/osisoft pi connector for wonderware historian, versions prior to and including 1.5.0.88
- canonical/osisoft pi connector relay, versions prior to and including 2.5.19.0
- canonical/osisoft pi data archive versions prior to and including pi data archive 2018 sp3, version 3.4.430.460
- canonical/osisoft pi data collection manager, versions prior to and including 2.5.19.0
- canonical/osisoft pi integrator for business analytics versions prior to and including 2018 r2 sp1, version 2.2.0.183
- canonical/osisoft pi interface configuration utility (icu) versions prior to and including 1.5.0.7
- canonical/osisoft pi to ocs versions prior to and including 1.1.36.0