CVE-2020-10604

{"id": "CVE-2020-10604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-25T00:15:12.047", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-248"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive."}, {"lang": "es", "value": "En m\u00faltiples productos y versiones de OSIsoft PI System, un atacante no autenticado remoto podr\u00eda bloquear el servicio PI Network Manager por medio de peticiones especialmente dise\u00f1adas. Esto puede resultar en un bloqueo de conexiones y consultas hacia PI Data Archive"}], "lastModified": "2024-11-21T04:55:40.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:osisoft:pi_data_archive:2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63C6A570-022D-4C08-9FDD-D08D20CC8D28"}, {"criteria": "cpe:2.3:a:osisoft:pi_data_archive:2018:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84660314-99C6-4E93-83F5-068EDFD0D189"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}