CVE-2020-10612

CRITICAL

Opto 22 SoftPAC <9.6 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-135-01

Scores

CVSS v3 9.1
EPSS 0.0107
EPSS Percentile 60.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-284 CWE-862
Status published
Products (1)
opto22/softpac_project < 9.6
Published May 14, 2020
Tracked Since Feb 18, 2026