CVE-2020-10614: XSS
First published: Fri Jul 24 2020(Updated: )
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Asset Framework (AF) Client | ||
| OSIsoft PI Software Development Kit (SDK) | ||
| OSIsoft PI API | ||
| OSIsoft PI API | ||
| OSIsoft PI Buffer Subsystem | ||
| OSIsoft PI Connector for BACnet | ||
| OSIsoft PI Connector for CygNet | ||
| OSIsoft PI Connector for DC Systems RTscada | ||
| OSIsoft PI Connector for Ethernet/IP | ||
| OSIsoft | ||
| OSIsoft PI Connector for Ping | ||
| OSIsoft PI Connector for Wonderware Historian | ||
| OSIsoft PI Connector Relay | ||
| OSIsoft PI Data Archive | ||
| OSIsoft PI Data Collection Manager | ||
| OSIsoft PI Integrator for Business Analytics | ||
| OSIsoft PI Interface Configuration Utility | ||
| OSIsoft PI to OCS | ||
| OSIsoft | <=2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10614?
CVE-2020-10614 is a vulnerability in OSIsoft PI System that allows an authenticated remote attacker with write access to inject code into a display, leading to unauthorized information disclosure, deletion, or modification.
How severe is CVE-2020-10614?
The severity of CVE-2020-10614 is medium with a CVSS score of 4.8.
Which products and versions are affected by CVE-2020-10614?
OSIsoft PI Vision versions up to 2019 are affected by CVE-2020-10614.
How can I fix CVE-2020-10614?
Apply the latest updates or patches provided by OSIsoft to address CVE-2020-10614.
Where can I find more information about CVE-2020-10614?
You can find more information about CVE-2020-10614 at the following link: [https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02](https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02)
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/osisoft
- canonical/osisoft pi asset framework (af) client
- canonical/osisoft pi software development kit (sdk)
- canonical/osisoft pi api
- canonical/osisoft pi buffer subsystem
- canonical/osisoft pi connector for bacnet
- canonical/osisoft pi connector for cygnet
- canonical/osisoft pi connector for dc systems rtscada
- canonical/osisoft pi connector for ethernet/ip
- canonical/osisoft
- canonical/osisoft pi connector for ping
- canonical/osisoft pi connector for wonderware historian
- canonical/osisoft pi connector relay
- canonical/osisoft pi data archive
- canonical/osisoft pi data collection manager
- canonical/osisoft pi integrator for business analytics
- canonical/osisoft pi interface configuration utility
- canonical/osisoft pi to ocs
- version/osisoft/2019