PT-2020-13009 · Opto 22 · Softpac Project
Published: 2020-05-14 · Updated: 2020-05-18 · CVE-2020-12042
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Opto 22 SoftPAC Project versions 9.6 and prior
Description
The issue arises from unsanitized paths within the zip files used to update SoftPAC firmware, which allows an attacker with user privileges to write arbitrary files with system access.
Recommendations
For versions 9.6 and prior, update to a version later than 9.6 to resolve the issue.
Fix
Improper Verification of Cryptographic Signature
Affected Products
Softpac Project