CVE-2020-10616

HIGH

Opto 22 SoftPAC <9.6 - Code Injection

Title source: llm

Description

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.

References (1)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-135-01

Scores

CVSS v3 8.8

EPSS 0.0047

EPSS Percentile 64.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

opto22/softpac_project < 9.6

Timeline

Published May 14, 2020

Tracked Since Feb 18, 2026