Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2020-05-14 21:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-12042
Mitre link : CVE-2020-12042
CVE.ORG link : CVE-2020-12042
JSON object : View
Products Affected
opto22
- softpac_project
CWE
CWE-347
Improper Verification of Cryptographic Signature