PT-2020-12240 · Opto 22 · Opto 22 Softpac Project

Published: 2020-05-14 · Updated: 2020-05-18 · CVE-2020-10612

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Opto 22 SoftPAC Project Version 9.6 and prior

Description

The issue affects the communication between SoftPACAgent and SoftPACMonitor over network Port 22000, which is open without restrictions. This allows an attacker with network access to control the SoftPACAgent service, including updating SoftPAC firmware, starting or stopping the service, or writing to certain registry values.

Recommendations

For Opto 22 SoftPAC Project Version 9.6 and prior, restrict access to network Port 22000 to prevent unauthorized control of the SoftPACAgent service. Consider implementing firewall rules or network access controls to limit access to this port. Additionally, monitor the SoftPACAgent service for any suspicious activity, such as unauthorized firmware updates or changes to registry values.
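
One way to apply the port restriction and service monitoring described above on the Windows host that runs SoftPACAgent. This is an added example, not taken from the advisory or from Opto 22. It assumes port 22000 is TCP, that Windows Defender Firewall is in use, that the service name contains "SoftPAC", and that the addresses in `$MonitorHosts` (constructed values) are the only machines running SoftPACMonitor.

```powershell
# Assumptions (not from the advisory): TCP, Windows Defender Firewall,
# and a fixed set of hosts that run SoftPACMonitor.
$Port         = 22000
$MonitorHosts = @('192.0.2.10', '192.0.2.11')   # constructed example addresses

# 1. List enabled inbound allow rules that already cover the port. Block rules
#    override allow rules in Windows Firewall, so the restriction has to come
#    from scoping allow rules, not from adding a block rule next to them.
#    (Rules that cover the port through a range such as 21000-23000 are not
#    matched by this simple check and need a manual look.)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -in 'TCP', 'Any' -and
            ($pf.LocalPort -contains "$Port" -or $pf.LocalPort -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                LocalPort     = $pf.LocalPort -join ','
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
                Program       = ($_ | Get-NetFirewallApplicationFilter).Program
            }
        }
    } | Format-Table -AutoSize
# Any rule listed with RemoteAddress 'Any' that applies to SoftPACAgent still
# exposes the port; scope it with: Set-NetFirewallRule -RemoteAddress $MonitorHosts

# 2. Make sure unsolicited inbound traffic is dropped unless a rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 3. Allow the port only from the SoftPACMonitor hosts.
New-NetFirewallRule -DisplayName 'SoftPACAgent 22000 from monitor hosts only' `
    -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $MonitorHosts -Action Allow -Profile Any

# 4. Confirm which process is listening on the port.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 5. Review recent start/stop events for the service (Service Control Manager
#    event 7036). The 'SoftPAC' name match is an assumption about the service name.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object Message -Match 'SoftPAC' |
    Select-Object TimeCreated, Message
```

Run it from an elevated PowerShell session; step 1 is read-only, so its output can be reviewed before steps 2 and 3 change the firewall.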

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-10612

Affected Products

Opto 22 Softpac Project