Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2020-05-14 21:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-10616
Mitre link : CVE-2020-10616
CVE.ORG link : CVE-2020-10616
JSON object : View
Products Affected
opto22
- softpac_project
CWE
CWE-427
Uncontrolled Search Path Element