CVE-2020-12046

Published: May 14, 2020Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.

Affected (1)

Products: Opto22: Softpac Project

Opto22

1 product

Softpac Project

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opto22 Softpac Project	Up to 9.6

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-135-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-135-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.