{"containers": {"cna": {"affected": [{"product": "OSIsoft PI System multiple products and versions", "vendor": "n/a", "versions": [{"status": "affected", "version": "OSIsoft PI System multiple products and versions"}]}], "descriptions": [{"lang": "en", "value": "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-24T22:42:39", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-10610", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OSIsoft PI System multiple products and versions", "version": {"version_data": [{"version_value": "OSIsoft PI System multiple products and versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:10.091Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-10610", "datePublished": "2020-07-24T22:42:39", "dateReserved": "2020-03-16T00:00:00", "dateUpdated": "2024-08-04T11:06:10.091Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B554C-447F-4C1B-838F-A6E8F690F6A6", "versionEndIncluding": "1.6.8.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_api:*:*:*:*:*:windows_integrated_security:*:*", "matchCriteriaId": "EDCD07A7-9079-444E-8AF0-EDD2CE8CEED4", "versionEndIncluding": "2.0.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_buffer_subsystem:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A895F35-CC2E-4B74-99E7-5801C4276336", "versionEndIncluding": "4.8.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ping:*:*", "matchCriteriaId": "19394A8B-C47C-4A1C-8D73-B2FAE624B504", "versionEndIncluding": "1.0.0.54", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ethernet\\/ip:*:*", "matchCriteriaId": "E0889A10-FEFA-422A-81C6-33595076D5B9", "versionEndIncluding": "1.1.0.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:bacnet:*:*", "matchCriteriaId": "F024275D-CC0D-40A6-8618-B8C2BCAC3453", "versionEndIncluding": "1.2.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:dc_systems_rtscada:*:*", "matchCriteriaId": "1634EED8-EE12-4F24-9D79-2108906D5941", "versionEndIncluding": "1.2.0.42", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:siemens_simatic_pcs_7:*:*", "matchCriteriaId": "3E4CA46D-C31A-4052-B3F1-755DC273D662", "versionEndIncluding": "1.2.1.71", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:iec_60870-5-104:*:*", "matchCriteriaId": "24376704-9C47-4BE7-AB95-1E5E194AD5A9", "versionEndIncluding": "1.2.2.79", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:hart-ip:*:*", "matchCriteriaId": "DB0A663F-3C53-43CF-AE8B-C2FD93AE0547", "versionEndIncluding": "1.3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:opc-ua:*:*", "matchCriteriaId": "DC780244-6475-4051-A901-02CF37CD80DC", "versionEndIncluding": "1.3.0.130", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:ufl:*:*", "matchCriteriaId": "9912030A-5A3C-4254-B440-D3D8C47432A9", "versionEndIncluding": "1.3.1.135", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:cygnet:*:*", "matchCriteriaId": "56274097-C75B-48BB-AA8A-C1213BCD1F37", "versionEndIncluding": "1.4.0.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector:*:*:*:*:*:wonderware_historian:*:*", "matchCriteriaId": "EEB864E3-549D-4B2D-B89F-74E2F2454BEC", "versionEndIncluding": "1.5.0.88", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_connector_relay:*:*:*:*:*:*:*:*", "matchCriteriaId": "474D5BE5-759E-4760-A4CC-661019379A47", "versionEndIncluding": "2.5.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_data_archive:*:*:*:*:*:*:*:*", "matchCriteriaId": "A918A5B9-40B4-4B00-A9F3-5F2F551447B5", "versionEndIncluding": "3.4.430.460", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_data_collection_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C99F2BBE-D5E7-4F6F-B03F-1250F9D31542", "versionEndIncluding": "2.5.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_integrator:*:*:*:*:*:business_analytics:*:*", "matchCriteriaId": "31D2D676-90D7-4516-BCDB-86DE0F34B43B", "versionEndIncluding": "2.2.0.183", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_interface_configuration_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "23B33817-C61B-4369-A5B0-A9CAA6E83C62", "versionEndIncluding": "1.5.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:osisoft:pi_to_ocs:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0D626AC-1990-4885-AEEB-8E897D6A9FF9", "versionEndIncluding": "1.1.36.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification."}, {"lang": "es", "value": "En m\u00faltiples productos y versiones de OSIsoft PI System, un atacante local puede modificar una ruta de b\u00fasqueda y plantar un binario para explotar el software de PI System afectado para tomar el control de la computadora local en el nivel de privilegio system de Windows, resultando en una divulgaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de informaci\u00f3n no autorizada"}], "id": "CVE-2020-10610", "lastModified": "2021-12-21T12:46:15.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-24T23:15:11.940", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}