CVE-2020-10604
First published: Fri Jul 24 2020(Updated: )
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Data Archive | =2018 | |
| OSIsoft PI Data Archive | =2018-sp2 | |
| OSIsoft PI Asset Framework (AF) Client | ||
| OSIsoft PI Software Development Kit (SDK) | ||
| OSIsoft PI API | ||
| OSIsoft PI API | ||
| OSIsoft PI Buffer Subsystem | ||
| OSIsoft PI Connector for BACnet | ||
| OSIsoft PI Connector for CygNet | ||
| OSIsoft PI Connector for DC Systems RTscada | ||
| OSIsoft PI Connector for Ethernet/IP | ||
| OSIsoft | ||
| OSIsoft PI Connector for Ping | ||
| OSIsoft PI Connector for Wonderware Historian | ||
| OSIsoft PI Connector Relay | ||
| OSIsoft PI Data Archive | ||
| OSIsoft PI Data Collection Manager | ||
| OSIsoft PI Integrator for Business Analytics | ||
| OSIsoft PI Interface Configuration Utility | ||
| OSIsoft PI to OCS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10604?
CVE-2020-10604 is classified as a high severity vulnerability due to its ability to cause denial of service.
How do I fix CVE-2020-10604?
To fix CVE-2020-10604, upgrade to the latest versions of affected OSIsoft PI products as specified in the software vendor's release notes.
What impact does CVE-2020-10604 have on the PI Network Manager service?
CVE-2020-10604 allows a remote, unauthenticated attacker to crash the PI Network Manager service, disrupting connections and queries to the PI Data Archive.
Which OSIsoft products are affected by CVE-2020-10604?
CVE-2020-10604 affects multiple OSIsoft products including PI Data Archive, PI Asset Framework, and several PI Connectors and APIs.
Is authentication required to exploit CVE-2020-10604?
No, CVE-2020-10604 can be exploited by unauthenticated remote attackers.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/osisoft
- canonical/osisoft pi data archive
- version/osisoft pi data archive/2018
- version/osisoft pi data archive/2018-sp2
- canonical/osisoft pi asset framework (af) client
- canonical/osisoft pi software development kit (sdk)
- canonical/osisoft pi api
- canonical/osisoft pi buffer subsystem
- canonical/osisoft pi connector for bacnet
- canonical/osisoft pi connector for cygnet
- canonical/osisoft pi connector for dc systems rtscada
- canonical/osisoft pi connector for ethernet/ip
- canonical/osisoft
- canonical/osisoft pi connector for ping
- canonical/osisoft pi connector for wonderware historian
- canonical/osisoft pi connector relay
- canonical/osisoft pi data collection manager
- canonical/osisoft pi integrator for business analytics
- canonical/osisoft pi interface configuration utility
- canonical/osisoft pi to ocs