CVE-2020-10606 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-10606 PUBLISHED CVSS 7.800000190734863 HIGH

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.

EPSS 0.06% · 18.0th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.06%

18.0th percentile

Affected Products

Vendor	Product	Versions
n/a	OSIsoft PI System multiple products and versions	OSIsoft PI System multiple products and versions
osisoft	pi_api	0, 0
osisoft	pi_connector	0, 0, 0
osisoft	pi_connector_relay	0
osisoft	pi_to_ocs	0
osisoft	pi_integrator	0
osisoft	pi_interface_configuration_utility	0
osisoft	pi_buffer_subsystem	0
osisoft	pi_data_collection_manager	0
osisoft	pi_data_archive	0

Timeline

May 12, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

Open in Interactive Console →