CVE-2020-10608 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-10608 PUBLISHED CVSS 7.800000190734863 HIGH

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.

EPSS 0.03% · 8.8th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.03%

8.8th percentile

Affected Products

Vendor	Product	Versions
osisoft	pi_connector	0, 0, 0
osisoft	pi_integrator	0
osisoft	pi_data_archive	0
osisoft	pi_to_ocs	0
osisoft	pi_connector_relay	0
osisoft	pi_data_collection_manager	0
n/a	OSIsoft PI System multiple products and versions	OSIsoft PI System multiple products and versions
osisoft	pi_buffer_subsystem	0
osisoft	pi_interface_configuration_utility	0
osisoft	pi_api	0, 0

Timeline

May 12, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

Open in Interactive Console →