ID

VAR-202005-0045


CVE

CVE-2020-10612


TITLE

Opto 22 SoftPAC Project Access Control Error Vulnerability

Trust: 1.6

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNVD: CNVD-2020-29557 // CNNVD: CNNVD-202005-802

DESCRIPTION

In Opto 22 SoftPAC Project Version 9.6 and prior, SoftPACAgent communicates with SoftPACMonitor over network port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service, including updating SoftPAC firmware, starting or stopping the service, or writing to certain registry values. Opto 22 SoftPAC Project contains a vulnerability related to lack of authentication. Information may be tampered with, and service operation may be interrupted (DoS). The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. Opto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originates from SoftPACAgent communicating with SoftPACMonitor through network port 22000, while the program does not place any restrictions on this open port.

Trust: 3.06

sources: NVD: CVE-2020-10612 // JVNDB: JVNDB-2020-005446 // CNVD: CNVD-2020-29557 // CNNVD: CNNVD-202005-802 // IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196

IOT TAXONOMY

category: ['IoT', 'ICS'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.4

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNVD: CNVD-2020-29557

AFFECTED PRODUCTS

vendor: opto22, model: softpac project, scope: lte, version: 9.6

Trust: 1.0

vendor: opto 22, model: softpac project, scope: eq, version: 9.6

Trust: 0.8

vendor: opto22, model: pac control basic, scope: lte, version: <=9.6

Trust: 0.6

vendor: softpac, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNVD: CNVD-2020-29557 // JVNDB: JVNDB-2020-005446 // NVD: CVE-2020-10612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10612
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005446
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-29557
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-802
value: CRITICAL

Trust: 0.6

IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6
value: HIGH

Trust: 0.2

IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2020-10612
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005446
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29557
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-10612
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005446
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNVD: CNVD-2020-29557 // JVNDB: JVNDB-2020-005446 // CNNVD: CNNVD-202005-802 // NVD: CVE-2020-10612

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.8

problemtype:CWE-284

Trust: 1.0

sources: JVNDB: JVNDB-2020-005446 // NVD: CVE-2020-10612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-802

TYPE

Access control error

Trust: 1.0

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNNVD: CNNVD-202005-802

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005446

PATCH

title: Top Page, url: https://www.opto22.com/

Trust: 0.8

title: Patch for Opto 22 SoftPAC Project access control error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/218467

Trust: 0.6

title: Opto 22 SoftPAC Project Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118755

Trust: 0.6

sources: CNVD: CNVD-2020-29557 // JVNDB: JVNDB-2020-005446 // CNNVD: CNNVD-202005-802

EXTERNAL IDS

db: NVD, id: CVE-2020-10612

Trust: 3.4

db: ICS CERT, id: ICSA-20-135-01

Trust: 2.4

db: CNVD, id: CNVD-2020-29557

Trust: 1.0

db: CNNVD, id: CNNVD-202005-802

Trust: 1.0

db: JVN, id: JVNVU98824176

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005446

Trust: 0.8

db: NSFOCUS, id: 46727

Trust: 0.6

db: IVD, id: 51302213-2B82-491C-A9A7-8E50E9D08AC6

Trust: 0.2

db: IVD, id: B7B50A2E-046E-4F2A-93AB-06E49FF67196

Trust: 0.2

sources: IVD: 51302213-2b82-491c-a9a7-8e50e9d08ac6 // IVD: b7b50a2e-046e-4f2a-93ab-06e49ff67196 // CNVD: CNVD-2020-29557 // JVNDB: JVNDB-2020-005446 // CNNVD: CNNVD-202005-802 // NVD: CVE-2020-10612

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-135-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10612

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10612

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98824176/index.html

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46727

Trust: 0.6

sources: CNVD: CNVD-2020-29557 // JVNDB: JVNDB-2020-005446 // CNNVD: CNNVD-202005-802 // NVD: CVE-2020-10612

CREDITS

Mashav Sapir of Claroty

Trust: 0.6

sources: CNNVD: CNNVD-202005-802

SOURCES

db: IVD, id: 51302213-2b82-491c-a9a7-8e50e9d08ac6
db: IVD, id: b7b50a2e-046e-4f2a-93ab-06e49ff67196
db: CNVD, id: CNVD-2020-29557
db: JVNDB, id: JVNDB-2020-005446
db: CNNVD, id: CNNVD-202005-802
db: NVD, id: CVE-2020-10612

LAST UPDATE DATE

2024-11-23T22:05:39.034000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29557, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-005446, date: 2020-06-15T00:00:00
db: CNNVD, id: CNNVD-202005-802, date: 2020-05-22T00:00:00
db: NVD, id: CVE-2020-10612, date: 2024-11-21T04:55:41.920

SOURCES RELEASE DATE

db: IVD, id: 51302213-2b82-491c-a9a7-8e50e9d08ac6, date: 2020-05-14T00:00:00
db: IVD, id: b7b50a2e-046e-4f2a-93ab-06e49ff67196, date: 2020-05-14T00:00:00
db: CNVD, id: CNVD-2020-29557, date: 2020-05-15T00:00:00
db: JVNDB, id: JVNDB-2020-005446, date: 2020-06-15T00:00:00
db: CNNVD, id: CNNVD-202005-802, date: 2020-05-14T00:00:00
db: NVD, id: CVE-2020-10612, date: 2020-05-14T21:15:12.853