What is CVE-2020-10610?

CVE-2020-10610 is a vulnerability in OSIsoft PI System that allows a local attacker to take control of the local computer at Windows system privilege level.

Which products and versions are affected by CVE-2020-10610?

OSIsoft PI System products and versions such as Osisoft Pi API, Osisoft Pi Buffer Subsystem, and Osisoft Pi Connector are affected by CVE-2020-10610.

What is the severity of CVE-2020-10610?

CVE-2020-10610 has a severity rating of 7.8, which is considered high.

How can a local attacker exploit CVE-2020-10610?

A local attacker can exploit CVE-2020-10610 by modifying a search path and planting a binary to gain unauthorized control over the affected PI System software.

Where can I find more information about CVE-2020-10610?

You can find more information about CVE-2020-10610 at the following reference: https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02

Vulnerability/
CVE-2020-10610

high

7.8

CWE

426 427

24/7/2020

4/8/2024

CVE-2020-10610

First published: Fri Jul 24 2020(Updated: )

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
OSIsoft PI Asset Framework (AF) Client
OSIsoft PI Software Development Kit (SDK)
OSIsoft PI API
OSIsoft PI API
OSIsoft PI Buffer Subsystem
OSIsoft PI Connector for BACnet
OSIsoft PI Connector for CygNet
OSIsoft PI Connector for DC Systems RTscada
OSIsoft PI Connector for Ethernet/IP
OSIsoft
OSIsoft PI Connector for Ping
OSIsoft PI Connector for Wonderware Historian
OSIsoft PI Connector Relay
OSIsoft PI Data Archive
OSIsoft PI Data Collection Manager
OSIsoft PI Integrator for Business Analytics
OSIsoft PI Interface Configuration Utility
OSIsoft PI to OCS
OSiSoft PI SDK	<=1.6.8.26
OSiSoft PI SDK	<=2.0.2.5
OSIsoft PI Buffer Subsystem	<=4.8.0.18
Osisoft PI Connector	<=1.0.0.54
Osisoft PI Connector	<=1.1.0.10
Osisoft PI Connector	<=1.2.0.6
Osisoft PI Connector	<=1.2.0.42
Osisoft PI Connector	<=1.2.1.71
Osisoft PI Connector	<=1.2.2.79
Osisoft PI Connector	<=1.3.0.1
Osisoft PI Connector	<=1.3.0.130
Osisoft PI Connector	<=1.3.1.135
Osisoft PI Connector	<=1.4.0.17
Osisoft PI Connector	<=1.5.0.88
Osisoft PI Connector	<=2.5.19.0
OSIsoft PI Data Archive	<=3.4.430.460
OSIsoft PI Data Collection Manager	<=2.5.19.0
Osisoft Pi Integrator	<=2.2.0.183
OSIsoft PI Interface Configuration Utility	<=1.5.0.7
OSIsoft PI to OCS	<=1.1.36.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-133-02

Frequently Asked Questions

What is CVE-2020-10610?
CVE-2020-10610 is a vulnerability in OSIsoft PI System that allows a local attacker to take control of the local computer at Windows system privilege level.
Which products and versions are affected by CVE-2020-10610?
OSIsoft PI System products and versions such as Osisoft Pi API, Osisoft Pi Buffer Subsystem, and Osisoft Pi Connector are affected by CVE-2020-10610.
What is the severity of CVE-2020-10610?
CVE-2020-10610 has a severity rating of 7.8, which is considered high.
How can a local attacker exploit CVE-2020-10610?
A local attacker can exploit CVE-2020-10610 by modifying a search path and planting a binary to gain unauthorized control over the affected PI System software.
Where can I find more information about CVE-2020-10610?
You can find more information about CVE-2020-10610 at the following reference: https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02

agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/severity
agent/references
agent/softwarecombine
agent/trending
agent/source
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/osisoft
canonical/osisoft pi asset framework (af) client
canonical/osisoft pi software development kit (sdk)
canonical/osisoft pi api
canonical/osisoft pi buffer subsystem
canonical/osisoft pi connector for bacnet
canonical/osisoft pi connector for cygnet
canonical/osisoft pi connector for dc systems rtscada
canonical/osisoft pi connector for ethernet/ip
canonical/osisoft
canonical/osisoft pi connector for ping
canonical/osisoft pi connector for wonderware historian
canonical/osisoft pi connector relay
canonical/osisoft pi data archive
canonical/osisoft pi data collection manager
canonical/osisoft pi integrator for business analytics
canonical/osisoft pi interface configuration utility
canonical/osisoft pi to ocs
canonical/osisoft pi sdk
version/osisoft pi sdk/1.6.8.26
version/osisoft pi sdk/2.0.2.5
version/osisoft pi buffer subsystem/4.8.0.18
canonical/osisoft pi connector
version/osisoft pi connector/1.0.0.54
version/osisoft pi connector/1.1.0.10
version/osisoft pi connector/1.2.0.6
version/osisoft pi connector/1.2.0.42
version/osisoft pi connector/1.2.1.71
version/osisoft pi connector/1.2.2.79
version/osisoft pi connector/1.3.0.1
version/osisoft pi connector/1.3.0.130
version/osisoft pi connector/1.3.1.135
version/osisoft pi connector/1.4.0.17
version/osisoft pi connector/1.5.0.88
version/osisoft pi connector/2.5.19.0
version/osisoft pi data archive/3.4.430.460
version/osisoft pi data collection manager/2.5.19.0
canonical/osisoft pi integrator
version/osisoft pi integrator/2.2.0.183
version/osisoft pi interface configuration utility/1.5.0.7
version/osisoft pi to ocs/1.1.36.0