CVE-2020-10610
First published: Fri Jul 24 2020(Updated: )
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Osisoft Pi Api | <=1.6.8.26 | |
| Osisoft Pi Api | <=2.0.2.5 | |
| Osisoft Pi Buffer Subsystem | <=4.8.0.18 | |
| Osisoft Pi Connector | <=1.0.0.54 | |
| Osisoft Pi Connector | <=1.1.0.10 | |
| Osisoft Pi Connector | <=1.2.0.6 | |
| Osisoft Pi Connector | <=1.2.0.42 | |
| Osisoft Pi Connector | <=1.2.1.71 | |
| Osisoft Pi Connector | <=1.2.2.79 | |
| Osisoft Pi Connector | <=1.3.0.1 | |
| Osisoft Pi Connector | <=1.3.0.130 | |
| Osisoft Pi Connector | <=1.3.1.135 | |
| Osisoft Pi Connector | <=1.4.0.17 | |
| Osisoft Pi Connector | <=1.5.0.88 | |
| Osisoft Pi Connector Relay | <=2.5.19.0 | |
| OSIsoft PI Data Archive | <=3.4.430.460 | |
| Osisoft Pi Data Collection Manager | <=2.5.19.0 | |
| Osisoft Pi Integrator | <=2.2.0.183 | |
| Osisoft Pi Interface Configuration Utility | <=1.5.0.7 | |
| Osisoft Pi To Ocs | <=1.1.36.0 | |
| OSIsoft Applications using PI Asset Framework (AF) Client versions prior to and including PI AF Client 2018 SP3 Patch 1, Version 2.10.7.283 | ||
| OSIsoft Applications using PI Software Development Kit (SDK) versions prior to and including PI SDK 2018 SP1, Version 1.4.7.602 | ||
| OSIsoft PI API for Windows Integrated Security versions prior to and including 2.0.2.5, | ||
| OSIsoft PI API versions prior to and including 1.6.8.26 | ||
| OSIsoft PI Buffer Subsystem versions prior to and including 4.8.0.18 | ||
| OSIsoft PI Connector for BACnet, versions prior to and including 1.2.0.6 | ||
| OSIsoft PI Connector for CygNet, versions prior to and including 1.4.0.17 | ||
| OSIsoft PI Connector for DC Systems RTscada, versions prior to and including 1.2.0.42 | ||
| OSIsoft PI Connector for Ethernet/IP, versions prior to and including 1.1.0.10 | ||
| OSIsoft PI Connector for HART-IP, versions prior to and including 1.3.0.1 | ||
| OSIsoft PI Connector for Ping, versions prior to and including 1.0.0.54 | ||
| OSIsoft PI Connector for Wonderware Historian, versions prior to and including 1.5.0.88 | ||
| OSIsoft PI Connector Relay, versions prior to and including 2.5.19.0 | ||
| OSIsoft PI Data Archive versions prior to and including PI Data Archive 2018 SP3, Version 3.4.430.460 | ||
| OSIsoft PI Data Collection Manager, versions prior to and including 2.5.19.0 | ||
| OSIsoft PI Integrator for Business Analytics versions prior to and including 2018 R2 SP1, Version 2.2.0.183 | ||
| OSIsoft PI Interface Configuration Utility (ICU) versions prior to and including 1.5.0.7 | ||
| OSIsoft PI to OCS versions prior to and including 1.1.36.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10610?
CVE-2020-10610 is a vulnerability in OSIsoft PI System that allows a local attacker to take control of the local computer at Windows system privilege level.
Which products and versions are affected by CVE-2020-10610?
OSIsoft PI System products and versions such as Osisoft Pi API, Osisoft Pi Buffer Subsystem, and Osisoft Pi Connector are affected by CVE-2020-10610.
What is the severity of CVE-2020-10610?
CVE-2020-10610 has a severity rating of 7.8, which is considered high.
How can a local attacker exploit CVE-2020-10610?
A local attacker can exploit CVE-2020-10610 by modifying a search path and planting a binary to gain unauthorized control over the affected PI System software.
Where can I find more information about CVE-2020-10610?
You can find more information about CVE-2020-10610 at the following reference: https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/osisoft
- canonical/osisoft pi api
- version/osisoft pi api/1.6.8.26
- version/osisoft pi api/2.0.2.5
- canonical/osisoft pi buffer subsystem
- version/osisoft pi buffer subsystem/4.8.0.18
- canonical/osisoft pi connector
- version/osisoft pi connector/1.0.0.54
- version/osisoft pi connector/1.1.0.10
- version/osisoft pi connector/1.2.0.6
- version/osisoft pi connector/1.2.0.42
- version/osisoft pi connector/1.2.1.71
- version/osisoft pi connector/1.2.2.79
- version/osisoft pi connector/1.3.0.1
- version/osisoft pi connector/1.3.0.130
- version/osisoft pi connector/1.3.1.135
- version/osisoft pi connector/1.4.0.17
- version/osisoft pi connector/1.5.0.88
- canonical/osisoft pi connector relay
- version/osisoft pi connector relay/2.5.19.0
- canonical/osisoft pi data archive
- version/osisoft pi data archive/3.4.430.460
- canonical/osisoft pi data collection manager
- version/osisoft pi data collection manager/2.5.19.0
- canonical/osisoft pi integrator
- version/osisoft pi integrator/2.2.0.183
- canonical/osisoft pi interface configuration utility
- version/osisoft pi interface configuration utility/1.5.0.7
- canonical/osisoft pi to ocs
- version/osisoft pi to ocs/1.1.36.0
- canonical/osisoft applications using pi asset framework (af) client versions prior to and including pi af client 2018 sp3 patch 1, version 2.10.7.283
- canonical/osisoft applications using pi software development kit (sdk) versions prior to and including pi sdk 2018 sp1, version 1.4.7.602
- canonical/osisoft pi api for windows integrated security versions prior to and including 2.0.2.5,
- canonical/osisoft pi api versions prior to and including 1.6.8.26
- canonical/osisoft pi buffer subsystem versions prior to and including 4.8.0.18
- canonical/osisoft pi connector for bacnet, versions prior to and including 1.2.0.6
- canonical/osisoft pi connector for cygnet, versions prior to and including 1.4.0.17
- canonical/osisoft pi connector for dc systems rtscada, versions prior to and including 1.2.0.42
- canonical/osisoft pi connector for ethernet/ip, versions prior to and including 1.1.0.10
- canonical/osisoft pi connector for hart-ip, versions prior to and including 1.3.0.1
- canonical/osisoft pi connector for ping, versions prior to and including 1.0.0.54
- canonical/osisoft pi connector for wonderware historian, versions prior to and including 1.5.0.88
- canonical/osisoft pi connector relay, versions prior to and including 2.5.19.0
- canonical/osisoft pi data archive versions prior to and including pi data archive 2018 sp3, version 3.4.430.460
- canonical/osisoft pi data collection manager, versions prior to and including 2.5.19.0
- canonical/osisoft pi integrator for business analytics versions prior to and including 2018 r2 sp1, version 2.2.0.183
- canonical/osisoft pi interface configuration utility (icu) versions prior to and including 1.5.0.7
- canonical/osisoft pi to ocs versions prior to and including 1.1.36.0