CVE-2020-12046

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACs firmware files signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
opto22softpac_project
𝑥
≤ 9.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsa-20-135-01
https://www.us-cert.gov/ics/advisories/icsa-20-135-01