"-Synchronized-Data."

CVE Team 2020-07-27 22:01:22 +00:00
parent 6e7c45e1c4
commit 9241279716
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 144 additions and 29 deletions


@ -1,35 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10600",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
"ID": "CVE-2020-10600",
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI System"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI System multiple products and versions",
"product_name": "PI Data Archive",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI System multiple products and versions"
"version_affected": "<",
"version_value": "2018 SP2"
}
]
}
}
]
}
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -46,17 +82,19 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive."
}
]
"solution": [
{
"lang": "eng",
"value": "Fully configure Windows authentication for the PI System and disable legacy authentication methods. For a starting point on PI System security best practices, see knowledge base article KB00833 -Seven best practices for securing your PI Server. (https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833)"
}
],
"source": {
"advisory": "ICSA-20-133-02 OSIsoft PI System",
"discovery": "EXTERNAL"
}
}
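Review bot: The structured affected range and the description disagree about whether 2018 SP2 itself is vulnerable: the `version_data` entry for PI Data Archive uses `"version_affected": "<"` with `"version_value": "2018 SP2"`, while the new description says "2018 SP2 and prior versions". Scanners and asset-matching tools that read `version_data` rather than the prose would treat 2018 SP2 as unaffected. If the description is the authoritative statement, the operator should be `"version_affected": "<="`, which is what the CVE-2020-10643 record in this same commit uses for PI Vision. Separately, `"integrityImpact": "LOW"` is not explained by a description that only mentions a crash and blocked queries, so it is worth confirming against ICSA-20-133-02.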


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
"ID": "CVE-2020-10643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI System"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Vision",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Limit write access to PI Vision displays to trusted users. \n"
}
],
"source": {
"advisory": "ICSA-20-133-02 OSIsoft PI System",
"discovery": "EXTERNAL"
}
}
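Review bot: The CVSS block scores this with `"privilegesRequired": "NONE"` (`PR:N` in `vectorString`), but the new description opens with "An authenticated remote attacker" and the `solution` text tells operators to limit write access to PI Vision displays, both of which imply the attacker needs an account. Consumers that prioritise on the vector would treat this as exploitable without credentials. If ICSA-20-133-02 confirms that authentication is required, the record should carry `"privilegesRequired": "LOW"` with `PR:L` in `vectorString` and a recomputed `baseScore` and `baseSeverity`; otherwise the description should drop "authenticated". The `solution` value also ends in a stray space and `\n` that could be trimmed.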


@ -57,11 +57,6 @@
"name": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/",
"url": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/"
},
{
"refsource": "CONFIRM",
"name": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/",
"url": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/"
},
{
"refsource": "CONFIRM",
"name": "https://docs.opsramp.com/about/release-notes/summer-2020-update/#simplified-gateway-appliance-accounts",