Lucene search

IcscertCVELIST:CVE-2020-10600

HistoryJul 24, 2020 - 11:01 p.m.

CVE-2020-10600 OSIsoft PI System

2020-07-2423:01:05

CWE-476

icscert

www.cve.org

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).

CNA Affected

[
  {
    "product": "PI Data Archive",
    "vendor": "OSIsoft",
    "versions": [
      {
        "lessThan": "2018 SP2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-133-02

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Related for CVELIST:CVE-2020-10600