CVE-2020-12046
MEDIUMOpto 22 SoftPAC Project <= 9.6 - Unauthenticated Firmware Signature Verification Bypass
Title source: llmDescription
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-135-01
Scores
CVSS v3
5.7
EPSS
0.0046
EPSS Percentile
36.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-347
Status
published
Products (1)
opto22/softpac_project
< 9.6
Published
May 14, 2020
Tracked Since
Feb 18, 2026