CVE-2020-12042

Summary

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.

Affected Software

VendorProductVersion RangeStatus
n/aOpto 22 SoftPAC ProjectSoftPAC Project Version 9.6 and prioraffected

Weaknesses

  • CWE-347: IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347

ADP Enrichment

CVE Program Container

Additional References

References