PT-2020-13012 · Opto 22 · Opto 22 Softpac Project

Published

2020-05-14

Updated

2020-05-18

CVE-2020-12046

CVSS v3.1

5.7

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Opto 22 SoftPAC Project versions 9.6 and prior

Description The issue concerns the lack of verification of firmware files' signatures during updates, allowing an attacker to replace legitimate firmware files with malicious ones.

Recommendations For versions 9.6 and prior, update to a version that verifies firmware files' signatures upon update to prevent malicious file replacement.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2020-12046

Affected Products

Opto 22 Softpac Project

PT-2020-13012 · Opto 22 · Opto 22 Softpac Project

CVE-2020-12046

Weakness Enumeration

Related Identifiers

Affected Products

References · 3