CVE-2020-10643: OSIsoft PI System
First published: Mon Jul 27 2020(Updated: )
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OSIsoft PI Asset Framework (AF) Client | ||
| OSIsoft PI Software Development Kit (SDK) | ||
| OSIsoft PI API | ||
| OSIsoft PI API | ||
| OSIsoft PI Buffer Subsystem | ||
| OSIsoft PI Connector for BACnet | ||
| OSIsoft PI Connector for CygNet | ||
| OSIsoft PI Connector for DC Systems RTscada | ||
| OSIsoft PI Connector for Ethernet/IP | ||
| OSIsoft | ||
| OSIsoft PI Connector for Ping | ||
| OSIsoft PI Connector for Wonderware Historian | ||
| OSIsoft PI Connector Relay | ||
| OSIsoft PI Data Archive | ||
| OSIsoft PI Data Collection Manager | ||
| OSIsoft PI Integrator for Business Analytics | ||
| OSIsoft PI Interface Configuration Utility | ||
| OSIsoft PI to OCS | ||
| OSIsoft | =2019 |
Remedy
Limit write access to PI Vision displays to trusted users.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10643?
CVE-2020-10643 is a vulnerability that allows an authenticated remote attacker to send specially crafted URLs to victims using PI Vision 2019 mobile and lead them to a vulnerable web page.
How does CVE-2020-10643 affect PI Vision 2019?
CVE-2020-10643 affects PI Vision 2019 by exploiting a known issue in a third-party component, allowing an authenticated remote attacker to use specially crafted URLs.
What is the severity of CVE-2020-10643?
CVE-2020-10643 has a severity score of 5.4, which is considered medium.
How can I fix CVE-2020-10643?
To fix CVE-2020-10643, it is recommended to apply the necessary security updates or patches provided by OSIsoft.
Where can I find more information about CVE-2020-10643?
You can find more information about CVE-2020-10643 on the official website of the United States Computer Emergency Readiness Team (US-CERT).
- agent/type
- agent/title
- agent/author
- agent/weakness
- agent/description
- agent/severity
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/osisoft
- canonical/osisoft pi asset framework (af) client
- canonical/osisoft pi software development kit (sdk)
- canonical/osisoft pi api
- canonical/osisoft pi buffer subsystem
- canonical/osisoft pi connector for bacnet
- canonical/osisoft pi connector for cygnet
- canonical/osisoft pi connector for dc systems rtscada
- canonical/osisoft pi connector for ethernet/ip
- canonical/osisoft
- canonical/osisoft pi connector for ping
- canonical/osisoft pi connector for wonderware historian
- canonical/osisoft pi connector relay
- canonical/osisoft pi data archive
- canonical/osisoft pi data collection manager
- canonical/osisoft pi integrator for business analytics
- canonical/osisoft pi interface configuration utility
- canonical/osisoft pi to ocs
- version/osisoft/2019