24 vulnerabilities by opto22
CVE-2025-13087 (GCVE-0-2025-13087)
Vulnerability from cvelistv5 – Published: 2025-11-20 21:32 – Updated: 2025-11-21 16:01
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Opto22 | GRV-EPIC-PR1 | Affected: 0, < 4.0.3 (custom) | |
| Opto22 | GRV-EPIC-PR2 | Affected: 0, < 4.0.3 (custom) | |
| Opto22 | groov RIO GRV-R7-MM1001-10 | Affected: 0, < 4.0.3 (custom) | |
| Opto22 | groov RIO GRV-R7-MM2001-10 | Affected: 0, < 4.0.3 (custom) | |
| Opto22 | groov RIO GRV-R7-I1VAPM-3 | Affected: 0, < 4.0.3 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:01:30.468009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:01:40.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM1001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM2001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-I1VAPM-3",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ismail Aydemir of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"datePublic": "2025-11-20T20:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:32:37.510Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-03"
},
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91326"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91326\"\u003ehere\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91326 ."
}
],
"source": {
"advisory": "ICSA-25-324-03",
"discovery": "EXTERNAL"
},
"title": "Command Injection in Opto22 Groov REST API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13087",
"datePublished": "2025-11-20T21:32:37.510Z",
"dateReserved": "2025-11-12T19:41:06.455Z",
"dateUpdated": "2025-11-21T16:01:40.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-10620 (GCVE-0-2020-10620)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:39 – Updated: 2024-08-04 11:06
CWE-285 - IMPROPER AUTHORIZATION CWE-285
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project | Affected: SoftPAC Project Version 9.6 and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "IMPROPER AUTHORIZATION CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:39:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHORIZATION CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10620",
"datePublished": "2020-05-14T20:39:13.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10616 (GCVE-0-2020-10616)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:36 – Updated: 2024-08-04 11:06
CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project | Affected: SoftPAC Project Version 9.6 and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:36:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10616",
"datePublished": "2020-05-14T20:36:36.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10612 (GCVE-0-2020-10612)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:33 – Updated: 2024-08-04 11:06
CWE-284 - IMPROPER ACCESS CONTROL CWE-284
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project | Affected: SoftPAC Project Version 9.6 and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:33:57.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10612",
"datePublished": "2020-05-14T20:33:57.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:09.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12046 (GCVE-0-2020-12046)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:30 – Updated: 2024-08-04 11:48
CWE-347 - IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project | Affected: SoftPAC Project Version 9.6 and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:30:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12046",
"datePublished": "2020-05-14T20:30:55.000Z",
"dateReserved": "2020-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:57.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12042 (GCVE-0-2020-12042)
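Vulnerability from cvelistv5 – Published: 2020-05-14 20:28 – Updated: 2024-08-04 11:48
CWE-347 - IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
Note: the CWE-347 label is reproduced as recorded, but this record's description concerns unsanitized paths inside firmware-update zip files leading to arbitrary file write, not signature verification. Anyone filtering or triaging by CWE should confirm the intended weakness class against the referenced advisory.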
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project | Affected: SoftPAC Project Version 9.6 and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:28:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12042",
"datePublished": "2020-05-14T20:28:03.000Z",
"dateReserved": "2020-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:57.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1006 (GCVE-0-2015-1006)
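Vulnerability from cvelistv5 – Published: 2019-05-10 13:47 – Updated: 2024-08-06 04:26
CWE-121 - Heap-based buffer overflow CWE-121
Note: the identifier and text are reproduced as recorded, but they disagree. CWE-121 is the identifier for stack-based buffer overflow, while heap-based buffer overflow is CWE-122; the record's description says heap-based.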
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional | Affected: < R9.4006 | |
| Opto 22 | PAC Project Basic | Affected: < R9.4006 | |
| Opto 22 | PAC Display Basic | Affected: < R9.4f | |
| Opto 22 | PAC Display Professional | Affected: < R9.4f | |
| Opto 22 | OptoOPCServer | Affected: < R9.4c | |
| Opto 22 | OptoDataLink | Affected: R9.4d and prior that were installed by PAC Project installer; Affected: versions prior to R9.4006 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4c"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer"
},
{
"status": "affected",
"version": "versions prior to R9.4006"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Heap-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T13:47:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4c"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer"
},
{
"version_value": "versions prior to R9.4006"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1006",
"datePublished": "2019-05-10T13:47:27.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1007 (GCVE-0-2015-1007)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:38 – Updated: 2024-08-06 04:26
CWE-121 - Stack-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional | Affected: < R9.4008 | |
| Opto 22 | PAC Project Basic | Affected: < R9.4008 | |
| Opto 22 | PAC Display Basic | Affected: < R9.4g | |
| Opto 22 | PAC Display Professional | Affected: < R9.4g | |
| Opto 22 | OptoOPCServer | Affected: R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008 | |
| Opto 22 | OptoDataLink | Affected: R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1007",
"datePublished": "2019-03-25T18:38:25.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14807 (GCVE-0-2018-14807)
Vulnerability from cvelistv5 – Published: 2018-10-18 21:00 – Updated: 2024-09-17 00:26- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
| URL | Tags |
|---|---|
| https://www.opto22.com/support/resources-tools/kn… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Control Basic and PAC Control Professional |
Affected:
Versions R10.0a and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Control Basic and PAC Control Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "Versions R10.0a and prior"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-04T00:00:00",
"ID": "CVE-2018-14807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Control Basic and PAC Control Professional",
"version": {
"version_data": [
{
"version_value": "Versions R10.0a and prior"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547",
"refsource": "CONFIRM",
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14807",
"datePublished": "2018-10-18T21:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:04.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13087 (GCVE-0-2025-13087)
Vulnerability from nvd – Published: 2025-11-20 21:32 – Updated: 2025-11-21 16:01- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Opto22 | GRV-EPIC-PR1 |
Affected:
0 , < 4.0.3
(custom)
|
|
| Opto22 | GRV-EPIC-PR2 |
Affected:
0 , < 4.0.3
(custom)
|
|
| Opto22 | groov RIO GRV-R7-MM1001-10 |
Affected:
0 , < 4.0.3
(custom)
|
|
| Opto22 | groov RIO GRV-R7-MM2001-10 |
Affected:
0 , < 4.0.3
(custom)
|
|
| Opto22 | groov RIO GRV-R7-I1VAPM-3 |
Affected:
0 , < 4.0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:01:30.468009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:01:40.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM1001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM2001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-I1VAPM-3",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ismail Aydemir of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"datePublic": "2025-11-20T20:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:32:37.510Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-03"
},
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91326"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91326\"\u003ehere\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91326 ."
}
],
"source": {
"advisory": "ICSA-25-324-03",
"discovery": "EXTERNAL"
},
"title": "Command Injection in Opto22 Groov REST API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13087",
"datePublished": "2025-11-20T21:32:37.510Z",
"dateReserved": "2025-11-12T19:41:06.455Z",
"dateUpdated": "2025-11-21T16:01:40.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-10620 (GCVE-0-2020-10620)
Vulnerability from nvd – Published: 2020-05-14 20:39 – Updated: 2024-08-04 11:06- CWE-285 - IMPROPER AUTHORIZATION CWE-285
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project |
Affected:
SoftPAC Project Version 9.6 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "IMPROPER AUTHORIZATION CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:39:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHORIZATION CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10620",
"datePublished": "2020-05-14T20:39:13.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10616 (GCVE-0-2020-10616)
Vulnerability from nvd – Published: 2020-05-14 20:36 – Updated: 2024-08-04 11:06- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project |
Affected:
SoftPAC Project Version 9.6 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:36:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10616",
"datePublished": "2020-05-14T20:36:36.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10612 (GCVE-0-2020-10612)
Vulnerability from nvd – Published: 2020-05-14 20:33 – Updated: 2024-08-04 11:06- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project |
Affected:
SoftPAC Project Version 9.6 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:33:57.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10612",
"datePublished": "2020-05-14T20:33:57.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:09.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12046 (GCVE-0-2020-12046)
Vulnerability from nvd – Published: 2020-05-14 20:30 – Updated: 2024-08-04 11:48- CWE-347 - IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project |
Affected:
SoftPAC Project Version 9.6 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:30:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12046",
"datePublished": "2020-05-14T20:30:55.000Z",
"dateReserved": "2020-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:57.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12042 (GCVE-0-2020-12042)
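Vulnerability from nvd – Published: 2020-05-14 20:28 – Updated: 2024-08-04 11:48
- CWE-347 - IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 (note: the description in this record concerns unsanitized paths inside the firmware-update zip, which is a file path handling weakness; the CWE-347 label fits the signature-verification issue recorded under CVE-2020-12046, so confirm the classification against ICSA-20-135-01 before filtering or triaging by CWE)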
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-135-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Opto 22 SoftPAC Project |
Affected:
SoftPAC Project Version 9.6 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Opto 22 SoftPAC Project",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftPAC Project Version 9.6 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:28:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12042",
"datePublished": "2020-05-14T20:28:03.000Z",
"dateReserved": "2020-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:57.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1006 (GCVE-0-2015-1006)
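Vulnerability from nvd – Published: 2019-05-10 13:47 – Updated: 2024-08-06 04:26
- CWE-121 - Heap-based buffer overflow CWE-121 (note: CWE-121 is the identifier for stack-based buffer overflow, while heap-based buffer overflow is CWE-122; the ID and the label in this record disagree, and the description below says heap-based)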
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Project Basic |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Display Basic |
Affected:
< R9.4f
|
|
| Opto 22 | PAC Display Professional |
Affected:
< R9.4f
|
|
| Opto 22 | OptoOPCServer |
Affected:
< R9.4c
|
|
| Opto 22 | OptoDataLink |
Affected:
R9.4d and prior that were installed by PAC Project installer
Affected: versions prior to R9.4006 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4c"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer"
},
{
"status": "affected",
"version": "versions prior to R9.4006"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Heap-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T13:47:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4c"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer"
},
{
"version_value": "versions prior to R9.4006"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1006",
"datePublished": "2019-05-10T13:47:27.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1007 (GCVE-0-2015-1007)
Vulnerability from nvd – Published: 2019-03-25 18:38 – Updated: 2024-08-06 04:26
- CWE-121 - Stack-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional | Affected: < R9.4008 | |
| Opto 22 | PAC Project Basic | Affected: < R9.4008 | |
| Opto 22 | PAC Display Basic | Affected: < R9.4g | |
| Opto 22 | PAC Display Professional | Affected: < R9.4g | |
| Opto 22 | OptoOPCServer | Affected: R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008 | |
| Opto 22 | OptoDataLink | Affected: R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1007",
"datePublished": "2019-03-25T18:38:25.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14807 (GCVE-0-2018-14807)
Vulnerability from nvd – Published: 2018-10-18 21:00 – Updated: 2024-09-17 00:26
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
| URL | Tags |
|---|---|
| https://www.opto22.com/support/resources-tools/knowledgebase/kb87547 | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Control Basic and PAC Control Professional | Affected: Versions R10.0a and prior | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Control Basic and PAC Control Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "Versions R10.0a and prior"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-04T00:00:00",
"ID": "CVE-2018-14807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Control Basic and PAC Control Professional",
"version": {
"version_data": [
{
"version_value": "Versions R10.0a and prior"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547",
"refsource": "CONFIRM",
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14807",
"datePublished": "2018-10-18T21:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:04.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202005-0315
Vulnerability from variot - Updated: 2023-12-18 12:17
Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. Opto 22 SoftPAC Project contains a digital signature validation vulnerability. Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
},
"cve": "CVE-2020-12042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005449",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-29560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "e5b22756-8c85-4226-9499-fa6679cb753c",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005449",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12042",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005449",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-806",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
},
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12042",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29560",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46726",
"trust": 0.6
},
{
"db": "IVD",
"id": "A6C16F43-3C4B-444C-8A13-AA49139C3E50",
"trust": 0.2
},
{
"db": "IVD",
"id": "E5B22756-8C85-4226-9499-FA6679CB753C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"id": "VAR-202005-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
}
]
},
"last_update_date": "2023-12-18T12:17:07.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project Data Forgery Vulnerability (CNVD-2020-29560)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218473"
},
{
"title": "Opto 22 SoftPAC Project Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118759"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12042"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12042"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46726"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"date": "2020-05-14T21:15:13.103000",
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"date": "2020-05-18T00:55:43.443000",
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Digital Signature Verification Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
}
}
VAR-202005-0045
Vulnerability from variot - Updated: 2023-12-18 12:17
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. Opto 22 SoftPAC Project contains a vulnerability related to lack of authentication. Information may be tampered with and service operation may be interrupted (DoS). The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. Opto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originates from SoftPACAgent communicating with SoftPACMonitor through the 22000 network port, while the program does not place any restrictions on this open port.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10612",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005446",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29557",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005446",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10612",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005446",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-29557",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-802",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. \nOpto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originated from SoftPACAgent communicating with SoftPACMonitor through the 22000 network port, but the program does not place any restrictions on this open port",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
},
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10612",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29557",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46727",
"trust": 0.6
},
{
"db": "IVD",
"id": "51302213-2B82-491C-A9A7-8E50E9D08AC6",
"trust": 0.2
},
{
"db": "IVD",
"id": "B7B50A2E-046E-4F2A-93AB-06E49FF67196",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"id": "VAR-202005-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
}
]
},
"last_update_date": "2023-12-18T12:17:07.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218467"
},
{
"title": "Opto 22 SoftPAC Project Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10612"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10612"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46727"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"date": "2020-05-14T21:15:12.853000",
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"date": "2020-05-18T01:25:06.300000",
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 1.0
}
}
VAR-202005-0046
Vulnerability from variot - Updated: 2023-12-18 12:17
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project contains an uncontrolled search path element vulnerability (CWE-427). Information may be obtained or tampered with, and service operation may be interrupted (DoS). The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005447",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-29558",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "bd703eda-b234-4449-8d18-97218e565a05",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005447",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005447",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-29558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-803",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
},
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10616",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29558",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46725",
"trust": 0.6
},
{
"db": "IVD",
"id": "9EA9B261-C1B6-4CC5-83E4-1219C1733094",
"trust": 0.2
},
{
"db": "IVD",
"id": "BD703EDA-B234-4449-8D18-97218E565A05",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"id": "VAR-202005-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
]
},
"last_update_date": "2023-12-18T12:17:07.904000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218469"
},
{
"title": "Opto 22 SoftPAC Project Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119107"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10616"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10616"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46725"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"date": "2020-05-14T21:15:12.930000",
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"date": "2020-05-18T01:20:38.807000",
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Code Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 1.0
}
}
VAR-202005-0316
Vulnerability from variot - Updated: 2023-12-18 12:17
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. Opto 22 SoftPAC Project contains a digital signature validation vulnerability. Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
},
"cve": "CVE-2020-12046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005450",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-29561",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "b22c0495-769f-48da-9ef6-5618146b0740",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005450",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12046",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005450",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29561",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-808",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. Opto 22 SoftPAC Project contains a digital signature validation vulnerability. Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
},
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12046",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29561",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46728",
"trust": 0.6
},
{
"db": "IVD",
"id": "B22C0495-769F-48DA-9EF6-5618146B0740",
"trust": 0.2
},
{
"db": "IVD",
"id": "782AFA90-DDC4-4A9C-81B0-BAA6D02F4A98",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"id": "VAR-202005-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
]
},
"last_update_date": "2023-12-18T12:17:07.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project Data Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218475"
},
{
"title": "Opto 22 SoftPAC Project Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12046"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12046"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46728"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"date": "2020-05-14T21:15:13.180000",
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"date": "2020-05-18T00:56:09.727000",
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Data Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
}
}
VAR-202005-0049
Vulnerability from variot - Updated: 2023-12-18 12:17
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. Opto 22 SoftPAC Project contains a vulnerability related to lack of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. The vulnerability stems from the fact that no credentials are required when communicating with SoftPAC. Tracked as CVE-2020-10620 (ICS-CERT advisory ICSA-20-135-01).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005448",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29559",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005448",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005448",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-29559",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-801",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. Opto 22 SoftPAC Project contains a vulnerability related to lack of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. The vulnerability stems from the fact that no credentials are required when communicating with SoftPAC.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
},
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10620",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29559",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46724",
"trust": 0.6
},
{
"db": "IVD",
"id": "D250C32C-55C9-4FD5-B3AD-2F48BBDE8D8A",
"trust": 0.2
},
{
"db": "IVD",
"id": "F5E52199-3D15-476D-AD6C-04B032E1DFAA",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"id": "VAR-202005-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
]
},
"last_update_date": "2023-12-18T12:17:07.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218471"
},
{
"title": "Opto 22 SoftPAC Project Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10620"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"date": "2020-05-14T21:15:13.010000",
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"date": "2020-05-18T13:15:55.957000",
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Authorization Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
}
}
VAR-202103-1759
Vulnerability from variot - Updated: 2022-05-04 09:55
OPTO22 SNAP-PAC-R2 is a new type of programmable automation controller from OPTO22, USA.
OPTO22 SNAP-PAC-R2 has a denial of service vulnerability, which can be exploited by a remote attacker to cause the device to restart.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1759",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snap-pac-r2 r10.0h",
"scope": null,
"trust": 0.6,
"vendor": "opto22",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-15547",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2021-15547",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OPTO22 SNAP-PAC-R2 is a new type of programmable automation controller from OPTO22, USA.\n\nOPTO22 SNAP-PAC-R2 has a denial-of-service vulnerability that a remote attacker can exploit to cause the device to restart.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-15547",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"id": "VAR-202103-1759",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"last_update_date": "2022-05-04T09:55:17.947000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-15547"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OPTO22 SNAP-PAC-R2 has a denial of service vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-15547"
}
],
"trust": 0.6
}
}