Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
Information
Published : 2020-05-14 14:15
Updated : 2020-05-17 17:55
NVD link : CVE-2020-12042
Mitre link : CVE-2020-12042
JSON object : View
CWE
CWE-347
Improper Verification of Cryptographic Signature
Products Affected
opto22
- softpac_project