Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | Third Party Advisory US Government Resource |
Configurations
Information
Published : 2020-05-14 14:15
Updated : 2020-05-17 17:56
NVD link : CVE-2020-12046
Mitre link : CVE-2020-12046
JSON object : View
CWE
CWE-347
Improper Verification of Cryptographic Signature
Products Affected
opto22
- softpac_project