CVE Vulnerabilities

CVE-2020-10608

Improper Verification of Cryptographic Signature

Published: Jul 24, 2020 | Modified: Aug 05, 2020
CVSS 3.x: 7.8 HIGH
Source: NVD
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 4.6 MEDIUM
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

In multiple OSIsoft PI System products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. Exploitation can target another local user of PI System software on the same computer to escalate privilege, resulting in unauthorized information disclosure, deletion, or modification.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pi_api | Osisoft | * | 1.6.8.26 (including) |
| Pi_api | Osisoft | * | 2.0.2.5 (including) |
| Pi_buffer_subsystem | Osisoft | * | 4.8.0.18 (including) |
| Pi_connector | Osisoft | * | 1.0.0.54 (including) |
| Pi_connector | Osisoft | * | 1.1.0.10 (including) |
| Pi_connector | Osisoft | * | 1.2.0.6 (including) |
| Pi_connector | Osisoft | * | 1.2.0.42 (including) |
| Pi_connector | Osisoft | * | 1.2.1.71 (including) |
| Pi_connector | Osisoft | * | 1.2.2.79 (including) |
| Pi_connector | Osisoft | * | 1.3.0.1 (including) |
| Pi_connector | Osisoft | * | 1.3.0.130 (including) |
| Pi_connector | Osisoft | * | 1.3.1.135 (including) |
| Pi_connector | Osisoft | * | 1.4.0.17 (including) |
| Pi_connector | Osisoft | * | 1.5.0.88 (including) |
| Pi_connector_relay | Osisoft | * | 2.5.19.0 (including) |
| Pi_data_archive | Osisoft | * | 3.4.430.460 (including) |
| Pi_data_collection_manager | Osisoft | * | 2.5.19.0 (including) |
| Pi_integrator | Osisoft | * | 2.2.0.183 (including) |
| Pi_interface_configuration_utility | Osisoft | * | 1.5.0.7 (including) |
| Pi_to_ocs | Osisoft | * | 1.1.36.0 (including) |
