VDB

CVE-2020-10608

CVE-2020-10608 PUBLISHED CVSS 7.800000190734863 HIGH

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.

EPSS 0.03% · 9.3th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.03%
9.3th percentile

Affected Products

VendorProductVersions
osisoftpi_connector0, 0, 0
osisoftpi_integrator0
osisoftpi_data_archive0
osisoftpi_to_ocs0
osisoftpi_connector_relay0
osisoftpi_data_collection_manager0
n/aOSIsoft PI System multiple products and versionsOSIsoft PI System multiple products and versions
osisoftpi_buffer_subsystem0
osisoftpi_interface_configuration_utility0
osisoftpi_api0, 0

Timeline

  • May 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›