osisoft pi_api 对搜索路径元素未加控制

admin

0
文章

0
评论

2023-12-01 20:23:11 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

osisoft pi_api 对搜索路径元素未加控制

CVE编号

CVE-2020-10610

利用情况

暂无

补丁情况

N/A

披露时间

2020-07-25

漏洞描述

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	osisoft	pi_api	*		Up to (including) 1.6.8.26
	运行在以下环境
	应用	osisoft	pi_api	*		Up to (including) 2.0.2.5
	运行在以下环境
	应用	osisoft	pi_buffer_subsystem	*		Up to (including) 4.8.0.18
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.0.0.54
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.1.0.10
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.2.0.42
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.2.0.6
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.2.1.71
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.2.2.79
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.3.0.1
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.3.0.130
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.3.1.135
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.4.0.17
	运行在以下环境
	应用	osisoft	pi_connector	*		Up to (including) 1.5.0.88
	运行在以下环境
	应用	osisoft	pi_connector_relay	*		Up to (including) 2.5.19.0
	运行在以下环境
	应用	osisoft	pi_data_archive	*		Up to (including) 3.4.430.460
	运行在以下环境
	应用	osisoft	pi_data_collection_manager	*		Up to (including) 2.5.19.0
	运行在以下环境
	应用	osisoft	pi_integrator	*		Up to (including) 2.2.0.183
	运行在以下环境
	应用	osisoft	pi_interface_configuration_utility	*		Up to (including) 1.5.0.7
	运行在以下环境
	应用	osisoft	pi_to_ocs	*		Up to (including) 1.1.36.0