7.1
CVE-2020-10600
- EPSS 0.84%
- Veröffentlicht 24.07.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:55:40
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginOSIsoft PI System
An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Osisoft ≫ Pi Data Archive Version <= 2019
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:P
|
| ics-cert@hq.dhs.gov | 5.9 | 1.6 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02