CVE-2020-10643 : Security Advisory and Response

Learn about CVE-2020-10643 affecting OSIsoft PI System. Find out the impact, affected systems, and mitigation steps to secure PI Vision from this vulnerability.

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.

Understanding CVE-2020-10643

OSIsoft PI System vulnerability impacting PI Vision.

What is CVE-2020-10643?

This CVE involves an authenticated remote attacker exploiting PI Vision 2019 to direct users to a compromised web page via manipulated URLs.

The Impact of CVE-2020-10643

        CVSS Base Score: 6.5 (Medium Severity)
        Confidentiality Impact: High
        Attack Vector: Network
        User Interaction: Required

Technical Details of CVE-2020-10643

Vulnerability specifics and affected systems.

Vulnerability Description

        CWE-79: Improper Neutralization of Input during Web Page Generation (Cross-Site Scripting)

Affected Systems and Versions

        Product: PI Vision
        Vendor: OSIsoft
        Versions Affected: <= 2019 (unspecified)

Exploitation Mechanism

        Attack Complexity: Low
        Privileges Required: None
        Scope: Unchanged

Mitigation and Prevention

Protective measures and solutions for CVE-2020-10643.

Immediate Steps to Take

        Limit write access to PI Vision displays to trusted users.

Long-Term Security Practices

        Regularly update and patch PI Vision to mitigate vulnerabilities.
        Educate users on safe browsing practices.

Patching and Updates

Stay informed about security advisories and apply patches promptly.
