VAR-202007-0030
Vulnerability from variot - Updated: 2024-11-23 21:11In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pi interface configuration utility",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.7"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.0.10"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.42"
},
{
"model": "pi to ocs",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.1.36.0"
},
{
"model": "pi connector relay",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.0.0.54"
},
{
"model": "pi data collection manager",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.5.19.0"
},
{
"model": "pi buffer subsystem",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "4.8.0.18"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.0.6"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.130"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.6.8.26"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.1.71"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.1.135"
},
{
"model": "pi api",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.0.2.5"
},
{
"model": "pi data archive",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "3.4.430.460"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.2.2.79"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.3.0.1"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.4.0.17"
},
{
"model": "pi integrator",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "2.2.0.183"
},
{
"model": "pi connector",
"scope": "lte",
"trust": 1.0,
"vendor": "osisoft",
"version": "1.5.0.88"
},
{
"model": "pi api",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi buffer subsystem",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi connector relay",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data archive",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi data collection manager",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi integrator for business analytics",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi interface configuration utility",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
},
{
"model": "pi to ocs",
"scope": null,
"trust": 0.8,
"vendor": "osisoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osisoft:pi_api",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_buffer_subsystem",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_connector",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_connector_relay",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_data_archive",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_data_collection_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_integrator_for_business_analystics",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_interface_configuration_utility",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:osisoft:pi_to_ocs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
}
]
},
"cve": "CVE-2020-10606",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10606",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009001",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-10606",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009001",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10606",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009001",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10606",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "VULMON",
"id": "CVE-2020-10606"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-133-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-10606",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94872807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-10606",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"id": "VAR-202007-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.409523815
},
"last_update_date": "2024-11-23T21:11:48.171000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.osisoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10606"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10606"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94872807/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-133-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1679/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"date": "2020-07-24T23:15:11.830000",
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10606"
},
{
"date": "2020-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009001"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-689"
},
{
"date": "2024-11-21T04:55:41.233000",
"db": "NVD",
"id": "CVE-2020-10606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural OSIsoft Made PI Vulnerability in improper default permissions on system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009001"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-689"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…