SB2020051516 - Multiple vulnerabilities in Opto 22 SoftPAC Project




Published: May 15, 2020

Security Bulletin ID: SB2020051516
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 40% Medium 60%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) External Control of File Name or Path (CVE-ID: CVE-2020-12042)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the paths specified within the zip files used to update the SoftPAC firmware are not sanitized. A remote authenticated attacker can gain arbitrary file write access with system access.
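A defensive check for the path handling described above, as an added example that is not Opto 22's code and not part of the original bulletin: it inspects every entry name in an update zip and refuses the whole package if any entry is absolute, contains `..`, or is a symbolic link. The function names and the sample file names used to exercise it are assumptions constructed for illustration.

```python
import io
import stat
import zipfile
from pathlib import Path, PureWindowsPath


def unsafe_members(archive_bytes):
    """Return (name, reason) for each entry that could be written outside the target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # PureWindowsPath treats both '/' and '\\' as separators and
            # recognises drive letters and UNC prefixes on any host OS.
            path = PureWindowsPath(info.filename)
            if path.drive or path.root:
                findings.append((info.filename, "absolute path"))
            elif ".." in path.parts:
                findings.append((info.filename, "parent-directory traversal"))
            elif stat.S_ISLNK(info.external_attr >> 16):
                findings.append((info.filename, "symbolic link"))
    return findings


def extract_update(archive_bytes, dest_dir):
    """Extract the package only if every entry is safe; otherwise write nothing."""
    bad = unsafe_members(archive_bytes)
    if bad:
        raise ValueError(f"update package rejected: {bad}")
    dest = Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = (dest / info.filename).resolve()
            # Defence in depth: the resolved target must stay under dest.
            if dest not in target.parents:
                raise ValueError(f"entry escapes target directory: {info.filename}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written


def build_sample(entries):
    """Build an in-memory zip from {name: bytes}; constructed input for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Validating all entries before writing any of them means a package with a single bad path leaves the target directory untouched.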


2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-12046)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the signatures of SoftPAC's firmware files are not verified upon firmware update. A remote authenticated attacker can replace legitimate firmware files with malicious files.


3) Improper access control (CVE-ID: CVE-2020-10612)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because SoftPACAgent communicates with SoftPACMonitor over network port 22000 without any restrictions. A remote attacker can control the SoftPACAgent service, including updating SoftPAC firmware, starting or stopping the service, or writing to certain registry values.


4) Insecure DLL loading (CVE-ID: CVE-2020-10616)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file, trick the victim into opening a file associated with the vulnerable application, and execute arbitrary code on the victim's system.


5) Improper Authorization (CVE-ID: CVE-2020-10620)

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists because SoftPAC communication does not include any credentials. A remote attacker can directly communicate with SoftPAC.


Remediation

Install the update from the vendor's website.