Vulnerability Description
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opto22 | Softpac Project | <= 9.6 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-20-135-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-135-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-10616?
CVE-2020-10616 is a vulnerability with a CVSS score of 8.8 (HIGH). Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
How severe is CVE-2020-10616?
CVE-2020-10616 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10616?
Check the references section above for vendor advisories and patch information. Affected products include: Opto22 Softpac Project.