Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 04:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.us-cert.gov/ics/advisories/icsa-20-135-01 - Third Party Advisory, US Government Resource |
Information
Published : 2020-05-14 21:15
Updated : 2024-11-21 04:59
NVD link : CVE-2020-12046
Mitre link : CVE-2020-12046
CVE.ORG link : CVE-2020-12046
JSON object : View
Products Affected
opto22
- softpac_project
CWE
CWE-347
Improper Verification of Cryptographic Signature