PT-2020-12244 · Opto 22 · Softpac Project
Published: 2020-05-14 · Updated: 2020-05-18 · CVE-2020-10616
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Opto 22 SoftPAC Project versions 9.6 and prior
Description
The issue arises because SoftPAC does not specify the path of multiple imported .dll files, allowing an attacker to replace them and execute code whenever the service starts.
Recommendations
For versions 9.6 and prior, consider specifying the full path for all imported .dll files to prevent unauthorized replacements. As a temporary workaround, restrict access to the directory containing the .dll files to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Softpac Project