CVE-2020-10620

EUVD-2020-3068
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
opto22softpac_project
𝑥
≤ 9.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsa-20-135-01
https://www.us-cert.gov/ics/advisories/icsa-20-135-01