Main Vulnerability Database Vulnerabilities #VU34126

Input validation error in PI Data Archive - CVE-2020-10604

Published: July 25, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34126

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-10604

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PI Data Archive

Software vendor:
OSIsoft

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.

Remediation

Install update from vendor's website.

External links

https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02

Input validation error in PI Data Archive - CVE-2020-10604

Description

Remediation

External links

Please verify you're human