Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2020-05-14 21:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-12046
Mitre link : CVE-2020-12046
CVE.ORG link : CVE-2020-12046
JSON object : View
Products Affected
opto22
- softpac_project
CWE
CWE-347
Improper Verification of Cryptographic Signature