CVE-2020-10616

Summary

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.

Affected Software

VendorProductVersion RangeStatus
n/aOpto 22 SoftPAC ProjectSoftPAC Project Version 9.6 and prioraffected

Weaknesses

  • CWE-427: UNCONTROLLED SEARCH PATH ELEMENT CWE-427

ADP Enrichment

CVE Program Container

Additional References

References