8 Cybersecurity Themes to Expect at Black Hat USA 2020

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-10604
PUBLISHED: 2020-07-25

In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.

CVE-2020-10614
PUBLISHED: 2020-07-25

In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display.

CVE-2020-12812
PUBLISHED: 2020-07-24

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

CVE-2020-10600
PUBLISHED: 2020-07-24

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive.

CVE-2020-10602
PUBLISHED: 2020-07-24

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive.
