What is the vulnerability ID of this OSIsoft PI System vulnerability?

The vulnerability ID is CVE-2020-10608.

What is the severity rating of CVE-2020-10608?

The severity rating of CVE-2020-10608 is 7.8 (high).

Which products and versions are affected by CVE-2020-10608?

The affected products and versions are: Osisoft Pi Api 1.6.8.26, Osisoft Pi Api 2.0.2.5 (with Windows Integrated Security), Osisoft Pi Buffer Subsystem 4.8.0.18, Osisoft Pi Connector 1.0.0.54 (Ping), Osisoft Pi Connector 1.1.0.10 (Ethernet/IP), Osisoft Pi Connector 1.2.0.6 (BACnet), Osisoft Pi Connector 1.2.0.42 (DC Systems RTSCADA), Osisoft Pi Connector 1.2.1.71 (Siemens SIMATIC PCS 7), Osisoft Pi Connector 1.2.2.79 (IEC 60870-5-104), Osisoft Pi Connector 1.3.0.1 (HART-IP), Osisoft Pi Connector 1.3.0.130 (OPC-UA), Osisoft Pi Connector 1.3.1.135 (UFL), Osisoft Pi Connector 1.4.0.17 (CygNet), Osisoft Pi Connector 1.5.0.88 (Wonderware Historian), Osisoft Pi Connector Relay 2.5.19.0, OSIsoft PI Data Archive 3.4.430.460, Osisoft Pi Data Collection Manager 2.5.19.0, Osisoft Pi Integrator 2.2.0.183 (Business Analytics), Osisoft Pi Interface Configuration Utility 1.5.0.7, Osisoft Pi To Ocs 1.1.36.0.

What can a local attacker do with this vulnerability?

A local attacker can plant a binary and bypass a code integrity check to escalate privileges and gain unauthorized information access.

Is there a fix available for CVE-2020-10608?

Yes, a fix is available for CVE-2020-10608. Please refer to the official reference for more information.

Vulnerability/
CVE-2020-10608

high

7.8

CWE

347

24/7/2020

4/8/2024

CVE-2020-10608

First published: Fri Jul 24 2020(Updated: )

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
OSIsoft PI Asset Framework (AF) Client
OSIsoft PI Software Development Kit (SDK)
OSIsoft PI API
OSIsoft PI API
OSIsoft PI Buffer Subsystem
OSIsoft PI Connector for BACnet
OSIsoft PI Connector for CygNet
OSIsoft PI Connector for DC Systems RTscada
OSIsoft PI Connector for Ethernet/IP
OSIsoft
OSIsoft PI Connector for Ping
OSIsoft PI Connector for Wonderware Historian
OSIsoft PI Connector Relay
OSIsoft PI Data Archive
OSIsoft PI Data Collection Manager
OSIsoft PI Integrator for Business Analytics
OSIsoft PI Interface Configuration Utility
OSIsoft PI to OCS
OSiSoft PI SDK	<=1.6.8.26
OSiSoft PI SDK	<=2.0.2.5
OSIsoft PI Buffer Subsystem	<=4.8.0.18
Osisoft PI Connector	<=1.0.0.54
Osisoft PI Connector	<=1.1.0.10
Osisoft PI Connector	<=1.2.0.6
Osisoft PI Connector	<=1.2.0.42
Osisoft PI Connector	<=1.2.1.71
Osisoft PI Connector	<=1.2.2.79
Osisoft PI Connector	<=1.3.0.1
Osisoft PI Connector	<=1.3.0.130
Osisoft PI Connector	<=1.3.1.135
Osisoft PI Connector	<=1.4.0.17
Osisoft PI Connector	<=1.5.0.88
Osisoft PI Connector	<=2.5.19.0
OSIsoft PI Data Archive	<=3.4.430.460
OSIsoft PI Data Collection Manager	<=2.5.19.0
Osisoft Pi Integrator	<=2.2.0.183
OSIsoft PI Interface Configuration Utility	<=1.5.0.7
OSIsoft PI to OCS	<=1.1.36.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-133-02

Frequently Asked Questions

What is the vulnerability ID of this OSIsoft PI System vulnerability?
The vulnerability ID is CVE-2020-10608.
What is the severity rating of CVE-2020-10608?
The severity rating of CVE-2020-10608 is 7.8 (high).
Which products and versions are affected by CVE-2020-10608?
The affected products and versions are: Osisoft Pi Api 1.6.8.26, Osisoft Pi Api 2.0.2.5 (with Windows Integrated Security), Osisoft Pi Buffer Subsystem 4.8.0.18, Osisoft Pi Connector 1.0.0.54 (Ping), Osisoft Pi Connector 1.1.0.10 (Ethernet/IP), Osisoft Pi Connector 1.2.0.6 (BACnet), Osisoft Pi Connector 1.2.0.42 (DC Systems RTSCADA), Osisoft Pi Connector 1.2.1.71 (Siemens SIMATIC PCS 7), Osisoft Pi Connector 1.2.2.79 (IEC 60870-5-104), Osisoft Pi Connector 1.3.0.1 (HART-IP), Osisoft Pi Connector 1.3.0.130 (OPC-UA), Osisoft Pi Connector 1.3.1.135 (UFL), Osisoft Pi Connector 1.4.0.17 (CygNet), Osisoft Pi Connector 1.5.0.88 (Wonderware Historian), Osisoft Pi Connector Relay 2.5.19.0, OSIsoft PI Data Archive 3.4.430.460, Osisoft Pi Data Collection Manager 2.5.19.0, Osisoft Pi Integrator 2.2.0.183 (Business Analytics), Osisoft Pi Interface Configuration Utility 1.5.0.7, Osisoft Pi To Ocs 1.1.36.0.
What can a local attacker do with this vulnerability?
A local attacker can plant a binary and bypass a code integrity check to escalate privileges and gain unauthorized information access.
Is there a fix available for CVE-2020-10608?
Yes, a fix is available for CVE-2020-10608. Please refer to the official reference for more information.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/severity
agent/references
agent/softwarecombine
agent/trending
agent/source
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/osisoft
canonical/osisoft pi asset framework (af) client
canonical/osisoft pi software development kit (sdk)
canonical/osisoft pi api
canonical/osisoft pi buffer subsystem
canonical/osisoft pi connector for bacnet
canonical/osisoft pi connector for cygnet
canonical/osisoft pi connector for dc systems rtscada
canonical/osisoft pi connector for ethernet/ip
canonical/osisoft
canonical/osisoft pi connector for ping
canonical/osisoft pi connector for wonderware historian
canonical/osisoft pi connector relay
canonical/osisoft pi data archive
canonical/osisoft pi data collection manager
canonical/osisoft pi integrator for business analytics
canonical/osisoft pi interface configuration utility
canonical/osisoft pi to ocs
canonical/osisoft pi sdk
version/osisoft pi sdk/1.6.8.26
version/osisoft pi sdk/2.0.2.5
version/osisoft pi buffer subsystem/4.8.0.18
canonical/osisoft pi connector
version/osisoft pi connector/1.0.0.54
version/osisoft pi connector/1.1.0.10
version/osisoft pi connector/1.2.0.6
version/osisoft pi connector/1.2.0.42
version/osisoft pi connector/1.2.1.71
version/osisoft pi connector/1.2.2.79
version/osisoft pi connector/1.3.0.1
version/osisoft pi connector/1.3.0.130
version/osisoft pi connector/1.3.1.135
version/osisoft pi connector/1.4.0.17
version/osisoft pi connector/1.5.0.88
version/osisoft pi connector/2.5.19.0
version/osisoft pi data archive/3.4.430.460
version/osisoft pi data collection manager/2.5.19.0
canonical/osisoft pi integrator
version/osisoft pi integrator/2.2.0.183
version/osisoft pi interface configuration utility/1.5.0.7
version/osisoft pi to ocs/1.1.36.0