Multiple vulnerabilities in Opto 22 SoftPAC Project



Published: 2020-05-15
Risk: High
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2020-12042, CVE-2020-12046, CVE-2020-10612, CVE-2020-10616, CVE-2020-10620
CWE-ID: CWE-73, CWE-347, CWE-284, CWE-427, CWE-285
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
PAC Project Basic (Client/Desktop applications / Other client software)
PAC Project Professional (Client/Desktop applications / Other client software)
Vendor: Opto22

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) External Control of File Name or Path

EUVDB-ID: #VU27943

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12042

CWE-ID: CWE-73 - External Control of File Name or Path

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the paths specified within the zip files used to update the SoftPAC firmware are not sanitized. A remote authenticated attacker can gain arbitrary file write access with system access.
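
Added example (not part of the original bulletin and not Opto 22 code): one way an updater can sanitize zip member paths before extracting an update archive, which is the check the description above says is missing. The function names and the sample member names are assumptions made for illustration; paths are judged by Windows rules because the affected software runs on Windows.

```python
import io
import zipfile
from pathlib import Path, PureWindowsPath


def is_contained(name: str) -> bool:
    """True if a zip member name stays inside the extraction directory.

    Evaluated with Windows path rules (both / and \\ are separators),
    whatever OS runs the check.
    """
    p = PureWindowsPath(name)
    if p.drive or p.root:          # C:\x, C:x, \\server\share\x, \x, /x
        return False
    if ":" in name:                # NTFS alternate data stream or stray drive spec
        return False
    return ".." not in p.parts     # parent-directory traversal


def unsafe_entries(zip_bytes: bytes) -> list[str]:
    """List member names in the archive that would escape the target."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if not is_contained(i.filename)]


def extract_update(zip_bytes: bytes, dest: Path) -> list[str]:
    """Extract only if every member is contained; otherwise write nothing."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"rejected update, unsafe member paths: {bad}")
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = dest.joinpath(*PureWindowsPath(info.filename).parts)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target.relative_to(dest)))
    return written


def build_sample(names: list[str]) -> bytes:
    """Constructed test archive; member names are made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()
```

The whole archive is validated before anything is written, so a single unsafe member rejects the update instead of leaving a partial extraction behind.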

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PAC Project Basic: 9.6

PAC Project Professional: 9.6

External links

http://www.us-cert.gov/ics/advisories/icsa-20-135-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU27944

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12046

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the signatures of SoftPAC's firmware files are not verified upon firmware update. A remote authenticated attacker can replace legitimate firmware files with malicious files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PAC Project Basic: 9.6

PAC Project Professional: 9.6

External links

http://www.us-cert.gov/ics/advisories/icsa-20-135-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU27945

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10612

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because SoftPACAgent communicates with SoftPACMonitor over network port 22000 without any restrictions. A remote attacker can control the SoftPACAgent service, including updating SoftPAC firmware, starting or stopping the service, or writing to certain registry values.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PAC Project Basic: 9.6

PAC Project Professional: 9.6

External links

http://www.us-cert.gov/ics/advisories/icsa-20-135-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insecure DLL loading

EUVDB-ID: #VU27946

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10616

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file, trick the victim into opening a file associated with the vulnerable application, and execute arbitrary code on the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PAC Project Basic: 9.6

PAC Project Professional: 9.6

External links

http://www.us-cert.gov/ics/advisories/icsa-20-135-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Authorization

EUVDB-ID: #VU27947

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10620

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists because SoftPAC communication does not include any credentials. A remote attacker can directly communicate with SoftPAC.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PAC Project Basic: 9.6

PAC Project Professional: 9.6

External links

http://www.us-cert.gov/ics/advisories/icsa-20-135-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


