Vulnerabilites related to OSIsoft - PI Data Archive
var-201708-1390
Vulnerability from variot
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1390", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "3.4.410.1256", }, { model: "pi data archive", scope: "lt", trust: 0.8, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2017", }, { model: "pi data archive", scope: "eq", trust: 0.6, vendor: "osisoft", version: "3.4.410.1256", }, { model: "pi server", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20170", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20163.4.400.1162", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20153.4.395.64", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive", scope: "ne", trust: 0.3, vendor: "osisoft", version: "2017", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "*", }, ], sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.410.1256", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-7930", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "99059", }, ], trust: 0.3, }, cve: "CVE-2017-7930", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 4.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-7930", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "CNVD-2017-16357", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "b62dbca6-8c59-468d-99f3-000e688d6797", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.2, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.2, impactScore: 5.2, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.4, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-7930", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-7930", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-16357", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201704-930", trust: 0.6, value: "HIGH", }, { author: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", trust: 0.2, value: "HIGH", }, ], }, ], sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2017-7930", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "CNVD", id: "CNVD-2017-16357", }, { db: "BID", id: "99059", }, { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7930", trust: 3.5, }, { db: "ICS CERT", id: "ICSA-17-164-02", trust: 2.7, }, { db: "BID", id: "99059", trust: 2.5, }, { db: "CNVD", id: "CNVD-2017-16357", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201704-930", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2017-007336", trust: 0.8, }, { db: "IVD", id: "B62DBCA6-8C59-468D-99F3-000E688D6797", trust: 0.2, }, ], sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, id: "VAR-201708-1390", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, ], trust: 1.2761904800000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, ], }, last_update_date: "2023-12-18T12:19:33.968000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "AL00315 - OSIsoft releases security updates in PI Server 2017", trust: 0.8, url: "https://techsupport.osisoft.com/troubleshooting/alerts/al00315", }, { title: "OSIsoft PI Server authentication bypasses the patch for the vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/98749", }, { title: "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99745", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-16357", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.7, url: "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02", }, { trust: 2.2, url: "http://www.securityfocus.com/bid/99059", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7930", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7930", }, { trust: 0.3, url: "https://techsupport.osisoft.com", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-16357", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007336", }, { db: "NVD", id: "CVE-2017-7930", }, { db: "CNNVD", id: "CNNVD-201704-930", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-25T00:00:00", db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { date: "2017-07-25T00:00:00", db: "CNVD", id: "CNVD-2017-16357", }, { date: "2017-06-13T00:00:00", db: "BID", id: "99059", }, { date: "2017-09-19T00:00:00", db: "JVNDB", id: "JVNDB-2017-007336", }, { date: "2017-08-25T19:29:00.333000", db: "NVD", id: "CVE-2017-7930", }, { date: "2017-04-20T00:00:00", db: "CNNVD", id: "CNNVD-201704-930", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-25T00:00:00", db: "CNVD", id: "CNVD-2017-16357", }, { date: "2017-06-13T00:00:00", db: "BID", id: "99059", }, { date: "2017-09-19T00:00:00", db: "JVNDB", id: "JVNDB-2017-007336", }, { date: "2019-10-09T23:29:59.970000", db: "NVD", id: "CVE-2017-7930", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201704-930", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201704-930", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Server Authentication Bypass Vulnerability", sources: [ { db: "IVD", id: "b62dbca6-8c59-468d-99f3-000e688d6797", }, { db: "CNVD", id: "CNVD-2017-16357", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-201704-930", }, ], trust: 0.6, }, }
var-202007-0022
Vulnerability from variot
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0022", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "2019", }, { model: "pi data archive", scope: "eq", trust: 0.8, vendor: "osisoft", version: "2018 sp2", }, { model: "pi data archive sp2", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2018", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2019", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10600", }, ], }, cve: "CVE-2020-10600", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.9, confidentialityImpact: "NONE", exploitabilityScore: 6.8, impactScore: 4.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4.9, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-008998", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4.9, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CNVD-2020-52464", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 4.2, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "NETWORK", author: "ics-cert@hq.dhs.gov", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.6, impactScore: 4.2, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.1, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-008998", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10600", trust: 1, value: "HIGH", }, { author: "ics-cert@hq.dhs.gov", id: "CVE-2020-10600", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-008998", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-52464", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202005-677", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, { db: "NVD", id: "CVE-2020-10600", }, { db: "CNNVD", id: "CNNVD-202005-677", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. OSIsoft PI Web API is a product of American OSIsoft company for accessing PI system data", sources: [ { db: "NVD", id: "CVE-2020-10600", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "CNVD", id: "CNVD-2020-52464", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "ICS CERT", id: "ICSA-20-133-02", trust: 3, }, { db: "NVD", id: "CVE-2020-10600", trust: 3, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-008998", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-52464", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-677", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, { db: "CNNVD", id: "CNNVD-202005-677", }, ], }, id: "VAR-202007-0022", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, ], trust: 1.33809524, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, ], }, last_update_date: "2023-12-18T11:26:49.514000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008998", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-476", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10600", }, { trust: 1.2, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10600", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52464", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, { db: "CNNVD", id: "CNNVD-202005-677", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-52464", }, { db: "JVNDB", id: "JVNDB-2020-008998", }, { db: "NVD", id: "CVE-2020-10600", }, { db: "CNNVD", id: "CNNVD-202005-677", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-17T00:00:00", db: "CNVD", id: "CNVD-2020-52464", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-008998", }, { date: "2020-07-24T23:15:11.690000", db: "NVD", id: "CVE-2020-10600", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-677", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-21T00:00:00", db: "CNVD", id: "CNVD-2020-52464", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-008998", }, { date: "2020-08-05T17:39:30.420000", db: "NVD", id: "CVE-2020-10600", }, { date: "2020-07-29T00:00:00", db: "CNNVD", id: "CNNVD-202005-677", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "PI Data Archive In NULL Pointer dereference vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2020-008998", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202005-677", }, ], trust: 0.6, }, }
var-202007-0030
Vulnerability from variot
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0030", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data collection manager", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi buffer subsystem", scope: "lte", trust: 1, vendor: "osisoft", version: "4.8.0.18", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "2.0.2.5", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.0.0.54", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.4.0.17", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "1.6.8.26", }, { model: "pi integrator", scope: "lte", trust: 1, vendor: "osisoft", version: "2.2.0.183", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.6", }, { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "3.4.430.460", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.2.79", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.0.10", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.42", }, { model: "pi to ocs", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.36.0", }, { model: "pi connector relay", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.1.71", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.88", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.1", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.130", }, { model: "pi interface configuration utility", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.7", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.1.135", }, { model: "pi api", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi buffer subsystem", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector relay", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data archive", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data collection manager", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi integrator for business analytics", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi interface configuration utility", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi to ocs", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.6.8.26", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*", cpe_name: [], versionEndIncluding: "2.0.2.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.8.0.18", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*", cpe_name: [], versionEndIncluding: "1.0.0.54", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*", cpe_name: [], versionEndIncluding: "1.1.0.10", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*", cpe_name: [], versionEndIncluding: "1.2.0.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*", cpe_name: [], versionEndIncluding: "1.2.0.42", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*", cpe_name: [], versionEndIncluding: "1.2.1.71", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*", cpe_name: [], versionEndIncluding: "1.2.2.79", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*", cpe_name: [], versionEndIncluding: "1.3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*", cpe_name: [], versionEndIncluding: "1.3.0.130", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*", cpe_name: [], versionEndIncluding: "1.3.1.135", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*", cpe_name: [], versionEndIncluding: "1.4.0.17", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*", cpe_name: [], versionEndIncluding: "1.5.0.88", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.430.460", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*", cpe_name: [], versionEndIncluding: "2.2.0.183", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.0.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.1.36.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10606", }, ], }, cve: "CVE-2020-10606", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-009001", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2020-10606", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-009001", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10606", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-009001", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202005-689", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-10606", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2020-10606", }, { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, { db: "CNNVD", id: "CNNVD-202005-689", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. plural OSIsoft Made PI There is a vulnerability in the system regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-10606", }, { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "VULMON", id: "CVE-2020-10606", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "ICS CERT", id: "ICSA-20-133-02", trust: 2.5, }, { db: "NVD", id: "CVE-2020-10606", trust: 2.5, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-009001", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-689", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-10606", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2020-10606", }, { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, { db: "CNNVD", id: "CNNVD-202005-689", }, ], }, id: "VAR-202007-0030", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.409523815, }, last_update_date: "2023-12-18T11:23:58.459000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009001", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-276", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10606", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10606", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/276.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2020-10606", }, { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, { db: "CNNVD", id: "CNNVD-202005-689", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2020-10606", }, { db: "JVNDB", id: "JVNDB-2020-009001", }, { db: "NVD", id: "CVE-2020-10606", }, { db: "CNNVD", id: "CNNVD-202005-689", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-24T00:00:00", db: "VULMON", id: "CVE-2020-10606", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009001", }, { date: "2020-07-24T23:15:11.830000", db: "NVD", id: "CVE-2020-10606", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-689", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-05T00:00:00", db: "VULMON", id: "CVE-2020-10606", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009001", }, { date: "2020-08-05T17:57:44.737000", db: "NVD", id: "CVE-2020-10606", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202005-689", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202005-689", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural OSIsoft Made PI Vulnerability in improper default permissions on system", sources: [ { db: "JVNDB", id: "JVNDB-2020-009001", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202005-689", }, ], trust: 0.6, }, }
var-202007-0033
Vulnerability from variot
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0033", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data collection manager", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi buffer subsystem", scope: "lte", trust: 1, vendor: "osisoft", version: "4.8.0.18", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "2.0.2.5", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.0.0.54", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.4.0.17", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "1.6.8.26", }, { model: "pi integrator", scope: "lte", trust: 1, vendor: "osisoft", version: "2.2.0.183", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.6", }, { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "3.4.430.460", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.2.79", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.0.10", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.42", }, { model: "pi to ocs", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.36.0", }, { model: "pi connector relay", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.1.71", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.88", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.1", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.130", }, { model: "pi interface configuration utility", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.7", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.1.135", }, { model: "pi api", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi buffer subsystem", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector relay", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data archive", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data collection manager", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi integrator for business analytics", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi interface configuration utility", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi to ocs", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.6.8.26", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*", cpe_name: [], versionEndIncluding: "2.0.2.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.8.0.18", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*", cpe_name: [], versionEndIncluding: "1.0.0.54", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*", cpe_name: [], versionEndIncluding: "1.1.0.10", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*", cpe_name: [], versionEndIncluding: "1.2.0.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*", cpe_name: [], versionEndIncluding: "1.2.0.42", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*", cpe_name: [], versionEndIncluding: "1.2.1.71", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*", cpe_name: [], versionEndIncluding: "1.2.2.79", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*", cpe_name: [], versionEndIncluding: "1.3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*", cpe_name: [], versionEndIncluding: "1.3.0.130", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*", cpe_name: [], versionEndIncluding: "1.3.1.135", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*", cpe_name: [], versionEndIncluding: "1.4.0.17", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*", cpe_name: [], versionEndIncluding: "1.5.0.88", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.430.460", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*", cpe_name: [], versionEndIncluding: "2.2.0.183", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.0.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.1.36.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10610", }, ], }, cve: "CVE-2020-10610", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "JVNDB-2020-009003", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-009003", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10610", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-009003", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202005-697", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, { db: "CNNVD", id: "CNNVD-202005-697", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-10610", }, { db: "JVNDB", id: "JVNDB-2020-009003", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "ICS CERT", id: "ICSA-20-133-02", trust: 2.4, }, { db: "NVD", id: "CVE-2020-10610", trust: 2.4, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-009003", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-697", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, { db: "CNNVD", id: "CNNVD-202005-697", }, ], }, id: "VAR-202007-0033", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.409523815, }, last_update_date: "2023-12-18T11:21:35.951000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-426", trust: 1, }, { problemtype: "CWE-427", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10610", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10610", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, { db: "CNNVD", id: "CNNVD-202005-697", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, { db: "NVD", id: "CVE-2020-10610", }, { db: "CNNVD", id: "CNNVD-202005-697", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009003", }, { date: "2020-07-24T23:15:11.940000", db: "NVD", id: "CVE-2020-10610", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-697", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009003", }, { date: "2021-12-21T12:46:15.087000", db: "NVD", id: "CVE-2020-10610", }, { date: "2021-12-22T00:00:00", db: "CNNVD", id: "CNNVD-202005-697", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202005-697", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural OSIsoft Made PI Vulnerabilities in uncontrolled search path elements in the system", sources: [ { db: "JVNDB", id: "JVNDB-2020-009003", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202005-697", }, ], trust: 0.6, }, }
var-201803-2220
Vulnerability from variot
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2220", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "eq", trust: 1.9, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 1.8, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2017", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive r2", scope: "ne", trust: 0.3, vendor: "osisoft", version: "2017", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "2017", }, ], sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2017", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-7531", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported these issues.", sources: [ { db: "BID", id: "103399", }, ], trust: 0.3, }, cve: "CVE-2018-7531", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.1, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-7531", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "CNVD-2018-05301", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.2, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 5.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-7531", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-7531", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-05301", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-454", trust: 0.6, value: "MEDIUM", }, { author: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", trust: 0.2, value: "MEDIUM", }, ], }, ], sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible", sources: [ { db: "NVD", id: "CVE-2018-7531", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "CNVD", id: "CNVD-2018-05301", }, { db: "BID", id: "103399", }, { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-7531", trust: 3.5, }, { db: "ICS CERT", id: "ICSA-18-072-02", trust: 3.3, }, { db: "BID", id: "103399", trust: 1.9, }, { db: "CNVD", id: "CNVD-2018-05301", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2018-003016", trust: 0.8, }, { db: "IVD", id: "E2E59B82-39AB-11E9-9DFB-000C29342CB1", trust: 0.2, }, ], sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, id: "VAR-201803-2220", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, ], trust: 1.2761904800000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, ], }, last_update_date: "2023-12-18T13:28:58.535000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, { title: "OSIsoft PI Data Archive patch for denial of service vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/121503", }, { title: "OSIsoft PI Data Archive Enter the fix for the verification vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79104", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05301", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.3, url: "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/103399", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7531", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-7531", }, { trust: 0.3, url: "https://www.osisoft.com/default.aspx", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05301", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05301", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "NVD", id: "CVE-2018-7531", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05301", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003016", }, { date: "2018-03-14T18:29:00.733000", db: "NVD", id: "CVE-2018-7531", }, { date: "2018-03-14T00:00:00", db: "CNNVD", id: "CNNVD-201803-454", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05301", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003016", }, { date: "2019-10-09T23:42:23.720000", db: "NVD", id: "CVE-2018-7531", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201803-454", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-454", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-003016", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], trust: 1.4, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input validation error", sources: [ { db: "IVD", id: "e2e59b82-39ab-11e9-9dfb-000c29342cb1", }, { db: "BID", id: "103399", }, { db: "CNNVD", id: "CNNVD-201803-454", }, ], trust: 1.1, }, }
var-202007-0028
Vulnerability from variot
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0028", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "eq", trust: 1.6, vendor: "osisoft", version: "2018", }, { model: "pi data archive", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data archive sp2", scope: "eq", trust: 0.6, vendor: "osisoft", version: "2018", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:2018:sp2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:2018:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10604", }, ], }, cve: "CVE-2020-10604", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-009000", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2020-52466", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-009000", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10604", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-009000", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-52466", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202005-687", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, { db: "CNNVD", id: "CNNVD-202005-687", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data", sources: [ { db: "NVD", id: "CVE-2020-10604", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "CNVD", id: "CNVD-2020-52466", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10604", trust: 3, }, { db: "ICS CERT", id: "ICSA-20-133-02", trust: 3, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-009000", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-52466", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-687", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, { db: "CNNVD", id: "CNNVD-202005-687", }, ], }, id: "VAR-202007-0028", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, ], trust: 1.33809524, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, ], }, last_update_date: "2023-12-18T11:41:57.510000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009000", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-755", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10604", }, { trust: 1.2, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10604", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52466", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, { db: "CNNVD", id: "CNNVD-202005-687", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-52466", }, { db: "JVNDB", id: "JVNDB-2020-009000", }, { db: "NVD", id: "CVE-2020-10604", }, { db: "CNNVD", id: "CNNVD-202005-687", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-17T00:00:00", db: "CNVD", id: "CNVD-2020-52466", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009000", }, { date: "2020-07-25T00:15:12.047000", db: "NVD", id: "CVE-2020-10604", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-687", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-17T00:00:00", db: "CNVD", id: "CNVD-2020-52466", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009000", }, { date: "2022-10-21T17:16:47.677000", db: "NVD", id: "CVE-2020-10604", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202005-687", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202005-687", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive Vulnerability in handling exceptional conditions in", sources: [ { db: "JVNDB", id: "JVNDB-2020-009000", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202005-687", }, ], trust: 0.6, }, }
var-202007-0031
Vulnerability from variot
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in digital signature verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0031", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data collection manager", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi buffer subsystem", scope: "lte", trust: 1, vendor: "osisoft", version: "4.8.0.18", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "2.0.2.5", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.0.0.54", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.4.0.17", }, { model: "pi api", scope: "lte", trust: 1, vendor: "osisoft", version: "1.6.8.26", }, { model: "pi integrator", scope: "lte", trust: 1, vendor: "osisoft", version: "2.2.0.183", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.6", }, { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "3.4.430.460", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.2.79", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.0.10", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.0.42", }, { model: "pi to ocs", scope: "lte", trust: 1, vendor: "osisoft", version: "1.1.36.0", }, { model: "pi connector relay", scope: "lte", trust: 1, vendor: "osisoft", version: "2.5.19.0", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.2.1.71", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.88", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.1", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.0.130", }, { model: "pi interface configuration utility", scope: "lte", trust: 1, vendor: "osisoft", version: "1.5.0.7", }, { model: "pi connector", scope: "lte", trust: 1, vendor: "osisoft", version: "1.3.1.135", }, { model: "pi api", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi buffer subsystem", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi connector relay", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data archive", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data collection manager", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi integrator for business analytics", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi interface configuration utility", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi to ocs", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.6.8.26", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*", cpe_name: [], versionEndIncluding: "2.0.2.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.8.0.18", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*", cpe_name: [], versionEndIncluding: "1.0.0.54", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*", cpe_name: [], versionEndIncluding: "1.1.0.10", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*", cpe_name: [], versionEndIncluding: "1.2.0.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*", cpe_name: [], versionEndIncluding: "1.2.0.42", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*", cpe_name: [], versionEndIncluding: "1.2.1.71", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*", cpe_name: [], versionEndIncluding: "1.2.2.79", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*", cpe_name: [], versionEndIncluding: "1.3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*", cpe_name: [], versionEndIncluding: "1.3.0.130", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*", cpe_name: [], versionEndIncluding: "1.3.1.135", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*", cpe_name: [], versionEndIncluding: "1.4.0.17", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*", cpe_name: [], versionEndIncluding: "1.5.0.88", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.430.460", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.5.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*", cpe_name: [], versionEndIncluding: "2.2.0.183", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.0.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.1.36.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10608", }, ], }, cve: "CVE-2020-10608", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-009002", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-009002", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10608", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-009002", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202005-692", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, { db: "CNNVD", id: "CNNVD-202005-692", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. plural OSIsoft Made PI The system contains a vulnerability in digital signature verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-10608", }, { db: "JVNDB", id: "JVNDB-2020-009002", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "ICS CERT", id: "ICSA-20-133-02", trust: 2.4, }, { db: "NVD", id: "CVE-2020-10608", trust: 2.4, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-009002", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-692", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, { db: "CNNVD", id: "CNNVD-202005-692", }, ], }, id: "VAR-202007-0031", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.409523815, }, last_update_date: "2023-12-18T11:19:30.173000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-347", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10608", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10608", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, { db: "CNNVD", id: "CNNVD-202005-692", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, { db: "NVD", id: "CVE-2020-10608", }, { db: "CNNVD", id: "CNNVD-202005-692", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009002", }, { date: "2020-07-24T23:15:11.877000", db: "NVD", id: "CVE-2020-10608", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-692", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-009002", }, { date: "2020-08-05T18:06:30.360000", db: "NVD", id: "CVE-2020-10608", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202005-692", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202005-692", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural OSIsoft Made PI Vulnerability in Digital Signature Verification in Systems", sources: [ { db: "JVNDB", id: "JVNDB-2020-009002", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "data forgery", sources: [ { db: "CNNVD", id: "CNNVD-202005-692", }, ], trust: 0.6, }, }
var-201804-0079
Vulnerability from variot
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0079", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi sdk", scope: "lt", trust: 1, vendor: "osisoft", version: "1.4.6", }, { model: "pi buffer subsystem", scope: "lt", trust: 1, vendor: "osisoft", version: "4.5.0", }, { model: "pi data archive", scope: "lt", trust: 1, vendor: "osisoft", version: "3.4.400.1162", }, { model: "pi af client", scope: "lt", trust: 1, vendor: "osisoft", version: "2.8.0", }, { model: "pi af client", scope: "lt", trust: 0.8, vendor: "osisoft", version: "2016 2.8.0", }, { model: "pi buffer subsystem", scope: "eq", trust: 0.8, vendor: "osisoft", version: "4.4 and less", }, { model: "pi data archive", scope: "lt", trust: 0.8, vendor: "osisoft", version: "2015 3.4.395.64", }, { model: "pi sdk", scope: "lt", trust: 0.8, vendor: "osisoft", version: "2016 1.4.6", }, { model: "pi af client", scope: "eq", trust: 0.6, vendor: "osisoft", version: "2016(2.8.0)", }, { model: "pi software development kit", scope: "lt", trust: 0.6, vendor: "osisoft", version: "2016(1.4.6)", }, { model: "pi data archive", scope: "lt", trust: 0.6, vendor: "osisoft", version: "2016(3.4.400.1162)", }, { model: "pi sdk", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20160", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi buffer subsystem", scope: "eq", trust: 0.3, vendor: "osisoft", version: "4.4", }, { model: "pi af client", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20160", }, { model: "pi sdk", scope: "ne", trust: 0.3, vendor: "osisoft", version: "20161.4.6", }, { model: "pi data archive", scope: "ne", trust: 0.3, vendor: "osisoft", version: "20163.4.400.1162", }, { model: "pi buffer subsystem", scope: "ne", trust: 0.3, vendor: "osisoft", version: "4.5", }, { model: "pi af client", scope: "ne", trust: 0.3, vendor: "osisoft", version: "20162.8", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi af client", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi buffer subsystem", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi sdk", version: "*", }, ], sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, { db: "BID", id: "94165", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_af_client:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_sdk:*:*:*:*:2016:*:*:*", cpe_name: [], versionEndExcluding: "1.4.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:2016:*:*:*", cpe_name: [], versionEndExcluding: "3.4.400.1162", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-8365", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft", sources: [ { db: "BID", id: "94165", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], trust: 0.9, }, cve: "CVE-2016-8365", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 2.1, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2016-8365", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CNVD-2016-11094", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.2, vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2016-8365", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-8365", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2016-11094", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201611-316", trust: 0.6, value: "MEDIUM", }, { author: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", trust: 0.2, value: "MEDIUM", }, ], }, ], sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). OSIsoft PI System software Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. OSIsoft PI Web API is a product of OSIsoft Corporation of the United States for accessing PI system data. A local denial of service vulnerability exists in the OSIsoft PI System", sources: [ { db: "NVD", id: "CVE-2016-8365", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "CNVD", id: "CNVD-2016-11094", }, { db: "BID", id: "94165", }, { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-8365", trust: 3.5, }, { db: "BID", id: "94165", trust: 2.5, }, { db: "CNVD", id: "CNVD-2016-11094", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201611-316", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-009008", trust: 0.8, }, { db: "IVD", id: "87D38CA7-2043-4E29-9C00-8DBD6630ADD8", trust: 0.2, }, ], sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, { db: "BID", id: "94165", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], }, id: "VAR-201804-0079", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, ], trust: 1.5003968266666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, ], }, last_update_date: "2023-12-18T13:28:58.049000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "OSIsoft Releases Security Updates for Core Networking Component in PI System 2016", trust: 0.8, url: "https://techsupport.osisoft.com/troubleshooting/alerts/al00308", }, { title: "OSIsoft PI System Local Denial of Service Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/83850", }, { title: "OSIsoft PI System Fixes for local denial of service vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65684", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11094", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-284", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.7, url: "https://ics-cert.us-cert.gov/advisories/ics-vu-313-03", }, { trust: 2.2, url: "http://www.securityfocus.com/bid/94165", }, { trust: 1.9, url: "https://techsupport.osisoft.com/troubleshooting/alerts/al00308", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8365", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2016-8365", }, { trust: 0.3, url: "https://techsupport.osisoft.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11094", }, { db: "BID", id: "94165", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, { db: "BID", id: "94165", }, { db: "JVNDB", id: "JVNDB-2016-009008", }, { db: "NVD", id: "CVE-2016-8365", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-11-15T00:00:00", db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { date: "2016-11-15T00:00:00", db: "CNVD", id: "CNVD-2016-11094", }, { date: "2016-11-08T00:00:00", db: "BID", id: "94165", }, { date: "2018-06-06T00:00:00", db: "JVNDB", id: "JVNDB-2016-009008", }, { date: "2018-04-03T14:29:00.247000", db: "NVD", id: "CVE-2016-8365", }, { date: "2016-11-17T00:00:00", db: "CNNVD", id: "CNNVD-201611-316", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-11-15T00:00:00", db: "CNVD", id: "CNVD-2016-11094", }, { date: "2016-11-24T01:08:00", db: "BID", id: "94165", }, { date: "2018-06-06T00:00:00", db: "JVNDB", id: "JVNDB-2016-009008", }, { date: "2019-10-09T23:19:57.193000", db: "NVD", id: "CVE-2016-8365", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201611-316", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "94165", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI System Local Denial of Service Vulnerability", sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNVD", id: "CNVD-2016-11094", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Access control error", sources: [ { db: "IVD", id: "87d38ca7-2043-4e29-9c00-8dbd6630add8", }, { db: "CNNVD", id: "CNNVD-201611-316", }, ], trust: 0.8, }, }
var-201508-0635
Vulnerability from variot
OSIsoft PI System is a system based on the enterprise infrastructure of the United States OSIsoft for managing real-time data and events. PI AF Server is the core product of PI System. OSIsoft PI Data Archive is a highly efficient storage and archiving component of PI Server that implements high-performance data retrieval through client software. There are security vulnerabilities in OSIsoft PI Data Archive 2015 versions before 3.4.395.64. An attacker could use this vulnerability to execute arbitrary code with elevated privileges, obtain sensitive information, perform unauthorized operations, and cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0635", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive", scope: "ne", trust: 0.3, vendor: "osisoft", version: "20153.4.395.64", }, ], sources: [ { db: "BID", id: "76354", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "76354", }, ], trust: 0.3, }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI System is a system based on the enterprise infrastructure of the United States OSIsoft for managing real-time data and events. PI AF Server is the core product of PI System. OSIsoft PI Data Archive is a highly efficient storage and archiving component of PI Server that implements high-performance data retrieval through client software. \nThere are security vulnerabilities in OSIsoft PI Data Archive 2015 versions before 3.4.395.64. An attacker could use this vulnerability to execute arbitrary code with elevated privileges, obtain sensitive information, perform unauthorized operations, and cause a denial of service", sources: [ { db: "CNNVD", id: "CNNVD-201508-368", }, { db: "BID", id: "76354", }, ], trust: 0.81, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "76354", trust: 0.9, }, { db: "CNNVD", id: "CNNVD-201508-368", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-15-225-01", trust: 0.3, }, ], sources: [ { db: "BID", id: "76354", }, { db: "CNNVD", id: "CNNVD-201508-368", }, ], }, id: "VAR-201508-0635", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.47619048, }, last_update_date: "2022-05-17T01:41:11.440000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "http://www.securityfocus.com/bid/76354", }, { trust: 0.3, url: "https://www.osisoft.com/default.aspx", }, { trust: 0.3, url: "https://techsupport.osisoft.com/troubleshooting/alerts/al00289", }, { trust: 0.3, url: "https://ics-cert.us-cert.gov/advisories/icsa-15-225-01", }, ], sources: [ { db: "BID", id: "76354", }, { db: "CNNVD", id: "CNNVD-201508-368", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "76354", }, { db: "CNNVD", id: "CNNVD-201508-368", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-08-13T00:00:00", db: "BID", id: "76354", }, { date: "2015-08-19T00:00:00", db: "CNNVD", id: "CNNVD-201508-368", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-08-13T00:00:00", db: "BID", id: "76354", }, { date: "2015-08-19T00:00:00", db: "CNNVD", id: "CNNVD-201508-368", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote ※ local", sources: [ { db: "CNNVD", id: "CNNVD-201508-368", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive Security hole", sources: [ { db: "CNNVD", id: "CNNVD-201508-368", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "76354", }, ], trust: 0.3, }, }
var-201803-2222
Vulnerability from variot
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2222", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "eq", trust: 1.9, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 1.8, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2017", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive r2", scope: "ne", trust: 0.3, vendor: "osisoft", version: "2017", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "2017", }, ], sources: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2017", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-7533", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported these issues.", sources: [ { db: "BID", id: "103399", }, ], trust: 0.3, }, cve: "CVE-2018-7533", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2018-7533", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2018-05302", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "e2e59b81-39ab-11e9-a837-000c29342cb1", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.2, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-7533", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-7533", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2018-05302", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201803-453", trust: 0.6, value: "HIGH", }, { author: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", trust: 0.2, value: "HIGH", }, ], }, ], sources: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. OSIsoft PI Data Archive Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible", sources: [ { db: "NVD", id: "CVE-2018-7533", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "CNVD", id: "CNVD-2018-05302", }, { db: "BID", id: "103399", }, { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-7533", trust: 3.5, }, { db: "ICS CERT", id: "ICSA-18-072-02", trust: 3.3, }, { db: "BID", id: "103399", trust: 1.9, }, { db: "CNVD", id: "CNVD-2018-05302", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-453", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2018-003017", trust: 0.8, }, { db: "IVD", id: "E2E59B81-39AB-11E9-A837-000C29342CB1", trust: 0.2, }, ], sources: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, id: "VAR-201803-2222", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, ], trust: 1.2761904800000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, ], }, last_update_date: "2023-12-18T13:28:58.608000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, { title: "Patch for OSIsoft PI Data Archive Privilege Escalation Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/121505", }, { title: "OSIsoft PI Data Archive Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79103", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05302", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-276", trust: 1, }, { problemtype: "CWE-275", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.3, url: "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/103399", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7533", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-7533", }, { trust: 0.3, url: "https://www.osisoft.com/default.aspx", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05302", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05302", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003017", }, { db: "NVD", id: "CVE-2018-7533", }, { db: "CNNVD", id: "CNNVD-201803-453", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "IVD", id: "e2e59b81-39ab-11e9-a837-000c29342cb1", }, { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05302", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003017", }, { date: "2018-03-14T18:29:00.780000", db: "NVD", id: "CVE-2018-7533", }, { date: "2018-03-14T00:00:00", db: "CNNVD", id: "CNNVD-201803-453", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05302", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003017", }, { date: "2019-10-09T23:42:23.970000", db: "NVD", id: "CVE-2018-7533", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201803-453", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-201803-453", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive Permissions vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-003017", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201803-453", }, ], trust: 0.6, }, }
var-201803-2219
Vulnerability from variot
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. Attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2219", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "lte", trust: 1.8, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "eq", trust: 0.9, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2017", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive r2", scope: "ne", trust: 0.3, vendor: "osisoft", version: "2017", }, { model: "data archive", scope: "eq", trust: 0.2, vendor: "pi", version: "*", }, ], sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2017", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:2017:r2:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-7529", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported these issues.", sources: [ { db: "BID", id: "103399", }, ], trust: 0.3, }, cve: "CVE-2018-7529", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.8, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-7529", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2018-05303", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "e2e59b80-39ab-11e9-b243-000c29342cb1", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.2, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-7529", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-7529", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2018-05303", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201803-455", trust: 0.6, value: "HIGH", }, { author: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", trust: 0.2, value: "HIGH", }, ], }, ], sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. OSIsoft PI Data Archive is a highly efficient storage and archiving component for high performance data retrieval through client software. \nAttackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions; other attacks may also be possible", sources: [ { db: "NVD", id: "CVE-2018-7529", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "CNVD", id: "CNVD-2018-05303", }, { db: "BID", id: "103399", }, { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-7529", trust: 3.5, }, { db: "ICS CERT", id: "ICSA-18-072-02", trust: 3.3, }, { db: "BID", id: "103399", trust: 1.9, }, { db: "CNVD", id: "CNVD-2018-05303", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-455", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2018-003015", trust: 0.8, }, { db: "IVD", id: "E2E59B80-39AB-11E9-B243-000C29342CB1", trust: 0.2, }, ], sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, id: "VAR-201803-2219", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, ], trust: 1.41309524, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, ], }, last_update_date: "2023-12-18T13:28:58.569000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, { title: "Patch for OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/121507", }, { title: "OSIsoft PI Data Archive Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79105", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05303", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-502", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.3, url: "https://ics-cert.us-cert.gov/advisories/icsa-18-072-02", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/103399", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7529", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-7529", }, { trust: 0.3, url: "https://www.osisoft.com/default.aspx", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-05303", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNVD", id: "CNVD-2018-05303", }, { db: "BID", id: "103399", }, { db: "JVNDB", id: "JVNDB-2018-003015", }, { db: "NVD", id: "CVE-2018-7529", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05303", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003015", }, { date: "2018-03-14T18:29:00.670000", db: "NVD", id: "CVE-2018-7529", }, { date: "2018-03-14T00:00:00", db: "CNNVD", id: "CNNVD-201803-455", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-14T00:00:00", db: "CNVD", id: "CNVD-2018-05303", }, { date: "2018-03-13T00:00:00", db: "BID", id: "103399", }, { date: "2018-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2018-003015", }, { date: "2019-10-09T23:42:23.503000", db: "NVD", id: "CVE-2018-7529", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201803-455", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-455", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive Vulnerable to unreliable data deserialization", sources: [ { db: "JVNDB", id: "JVNDB-2018-003015", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Code problem", sources: [ { db: "IVD", id: "e2e59b80-39ab-11e9-b243-000c29342cb1", }, { db: "CNNVD", id: "CNNVD-201803-455", }, ], trust: 0.8, }, }
var-201708-1392
Vulnerability from variot
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1392", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "pi data archive", scope: "lte", trust: 1, vendor: "osisoft", version: "3.4.410.1256", }, { model: "pi data archive", scope: "lt", trust: 0.8, vendor: "osisoft", version: "2017", }, { model: "pi data archive", scope: "lte", trust: 0.6, vendor: "osisoft", version: "<=2017", }, { model: "pi data archive", scope: "eq", trust: 0.6, vendor: "osisoft", version: "3.4.410.1256", }, { model: "pi server", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20170", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20163.4.400.1162", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20153.4.395.64", }, { model: "pi data archive", scope: "eq", trust: 0.3, vendor: "osisoft", version: "20120", }, { model: "pi data archive", scope: "ne", trust: 0.3, vendor: "osisoft", version: "2017", }, { model: null, scope: "eq", trust: 0.2, vendor: "pi data archive", version: "*", }, ], sources: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.4.410.1256", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-7934", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "99059", }, ], trust: 0.3, }, cve: "CVE-2017-7934", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-7934", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "CNVD-2017-16358", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.2, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 5.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-7934", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-7934", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2017-16358", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201704-926", trust: 0.6, value: "MEDIUM", }, { author: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", trust: 0.2, value: "MEDIUM", }, ], }, ], sources: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. The OSIsoft PI Server has a certification bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2017-7934", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "CNVD", id: "CNVD-2017-16358", }, { db: "BID", id: "99059", }, { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7934", trust: 3.5, }, { db: "ICS CERT", id: "ICSA-17-164-02", trust: 2.7, }, { db: "BID", id: "99059", trust: 2.5, }, { db: "CNVD", id: "CNVD-2017-16358", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201704-926", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2017-007337", trust: 0.8, }, { db: "IVD", id: "10CF70CA-8BF0-47ED-BE97-F716CDFEA1B0", trust: 0.2, }, ], sources: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, id: "VAR-201708-1392", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, ], trust: 1.2761904800000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, ], }, last_update_date: "2023-12-18T12:19:33.929000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "AL00315 - OSIsoft releases security updates in PI Server 2017", trust: 0.8, url: "https://techsupport.osisoft.com/troubleshooting/alerts/al00315", }, { title: "Patch for OSIsoft PI Server Authentication Bypass Vulnerability (CNVD-2017-16358)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/98750", }, { title: "OSIsoft PI Server 2017 PI Data Archive PI Network Manager Remediation measures for authorization problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99741", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-16358", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.7, url: "https://ics-cert.us-cert.gov/advisories/icsa-17-164-02", }, { trust: 2.2, url: "http://www.securityfocus.com/bid/99059", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7934", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7934", }, { trust: 0.3, url: "https://techsupport.osisoft.com", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-16358", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { db: "CNVD", id: "CNVD-2017-16358", }, { db: "BID", id: "99059", }, { db: "JVNDB", id: "JVNDB-2017-007337", }, { db: "NVD", id: "CVE-2017-7934", }, { db: "CNNVD", id: "CNNVD-201704-926", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-25T00:00:00", db: "IVD", id: "10cf70ca-8bf0-47ed-be97-f716cdfea1b0", }, { date: "2017-07-25T00:00:00", db: "CNVD", id: "CNVD-2017-16358", }, { date: "2017-06-13T00:00:00", db: "BID", id: "99059", }, { date: "2017-09-19T00:00:00", db: "JVNDB", id: "JVNDB-2017-007337", }, { date: "2017-08-25T19:29:00.380000", db: "NVD", id: "CVE-2017-7934", }, { date: "2017-04-20T00:00:00", db: "CNNVD", id: "CNNVD-201704-926", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-25T00:00:00", db: "CNVD", id: "CNVD-2017-16358", }, { date: "2017-06-13T00:00:00", db: "BID", id: "99059", }, { date: "2017-09-19T00:00:00", db: "JVNDB", id: "JVNDB-2017-007337", }, { date: "2019-10-09T23:30:00.890000", db: "NVD", id: "CVE-2017-7934", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201704-926", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201704-926", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Server 2017 PI Data Archive Authentication vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-007337", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-201704-926", }, ], trust: 0.6, }, }
var-202007-0023
Vulnerability from variot
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data.
OSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0023", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "data archive", scope: "eq", trust: 1, vendor: "pi", version: "2018", }, { model: "pi data archive", scope: null, trust: 0.8, vendor: "osisoft", version: null, }, { model: "pi data archive", scope: "eq", trust: 0.6, vendor: "osisoft", version: "2018", }, { model: "pi data archive sp2", scope: "eq", trust: 0.6, vendor: "osisoft", version: "2018", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:pi:data_archive:2018:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pi:data_archive:2018:sp2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10602", }, ], }, cve: "CVE-2020-10602", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-008999", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CNVD-2020-52465", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.6, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-008999", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10602", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-008999", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-52465", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202005-684", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, { db: "CNNVD", id: "CNNVD-202005-684", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. OSIsoft PI Data Archive To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. This component is mainly used to archive and store configuration information and time series data. \n\r\n\r\nOSIsoft PI Data Archive 2018 version and 2018 SP2 version have code issue vulnerabilities", sources: [ { db: "NVD", id: "CVE-2020-10602", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "CNVD", id: "CNVD-2020-52465", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10602", trust: 3, }, { db: "ICS CERT", id: "ICSA-20-133-02", trust: 3, }, { db: "JVN", id: "JVNVU94872807", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-008999", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-52465", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1679", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-684", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, { db: "CNNVD", id: "CNNVD-202005-684", }, ], }, id: "VAR-202007-0023", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, ], trust: 1.3420634933333333, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, ], }, last_update_date: "2023-12-18T11:30:42.525000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.osisoft.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008999", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-476", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10602", }, { trust: 1.2, url: "https://www.us-cert.gov/ics/advisories/icsa-20-133-02", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10602", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu94872807/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1679/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-52465", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, { db: "CNNVD", id: "CNNVD-202005-684", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-52465", }, { db: "JVNDB", id: "JVNDB-2020-008999", }, { db: "NVD", id: "CVE-2020-10602", }, { db: "CNNVD", id: "CNNVD-202005-684", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-17T00:00:00", db: "CNVD", id: "CNVD-2020-52465", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-008999", }, { date: "2020-07-24T23:15:11.753000", db: "NVD", id: "CVE-2020-10602", }, { date: "2020-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202005-684", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-17T00:00:00", db: "CNVD", id: "CNVD-2020-52465", }, { date: "2020-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2020-008999", }, { date: "2020-08-05T17:44:12.463000", db: "NVD", id: "CVE-2020-10602", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202005-684", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202005-684", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OSIsoft PI Data Archive In NULL Pointer dereference vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2020-008999", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202005-684", }, ], trust: 0.6, }, }
cve-2020-10600
Vulnerability from cvelistv5
Published
2020-07-24 23:01
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSIsoft | PI Data Archive |
Version: unspecified < 2018 SP2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "PI Data Archive", vendor: "OSIsoft", versions: [ { lessThan: "2018 SP2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft", }, ], datePublic: "2020-06-09T00:00:00", descriptions: [ { lang: "en", value: "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL POINTER DEREFERENCE CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-27T21:25:23", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, ], solutions: [ { lang: "en", value: "Fully configure Windows authentication for the PI System and disable legacy authentication methods. For a starting point on PI System security best practices, see knowledge base article KB00833 -Seven best practices for securing your PI Server. (https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833)", }, ], source: { advisory: "ICSA-20-133-02 OSIsoft PI System", discovery: "EXTERNAL", }, title: "OSIsoft PI System", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2020-06-09T00:00:00.000Z", ID: "CVE-2020-10600", STATE: "PUBLIC", TITLE: "OSIsoft PI System", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PI Data Archive", version: { version_data: [ { version_affected: "<", version_value: "2018 SP2", }, ], }, }, ], }, vendor_name: "OSIsoft", }, ], }, }, credit: [ { lang: "eng", value: "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "NULL POINTER DEREFERENCE CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", }, ], }, solution: [ { lang: "en", value: "Fully configure Windows authentication for the PI System and disable legacy authentication methods. For a starting point on PI System security best practices, see knowledge base article KB00833 -Seven best practices for securing your PI Server. (https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833)", }, ], source: { advisory: "ICSA-20-133-02 OSIsoft PI System", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-10600", datePublished: "2020-07-24T23:01:05.997100Z", dateReserved: "2020-03-16T00:00:00", dateUpdated: "2024-09-16T19:20:28.875Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }