PT-2020-12248 · Opto 22 · Softpac

Published

2020-05-14

Updated

2020-05-18

CVE-2020-10620

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Opto 22 SoftPAC Project versions 9.6 and prior

Description The issue allows an attacker with network access to directly communicate with SoftPAC, including stopping the service remotely, because SoftPAC communication does not include any credentials.

Recommendations For versions 9.6 and prior, consider restricting network access to SoftPAC to minimize the risk of exploitation until a patch is available.

Fix

Improper Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-862

Related Identifiers

CVE-2020-10620

Affected Products

Softpac

PT-2020-12248 · Opto 22 · Softpac

CVE-2020-10620

Weakness Enumeration

Related Identifiers

Affected Products

References · 3