CVE-2020-10620
CRITICALOpto 22 SoftPAC Project <= 9.6 - Unauthenticated Missing Authorization
Title source: llmDescription
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-135-01
Scores
CVSS v3
9.8
EPSS
0.0121
EPSS Percentile
64.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-285
CWE-862
Status
published
Products (1)
opto22/softpac_project
< 9.6
Published
May 14, 2020
Tracked Since
Feb 18, 2026