Details of VAR-202005-0046

ID

VAR-202005-0046

CVE

CVE-2020-10616

TITLE

Opto 22 SoftPAC Project Code Issue Vulnerability

Trust: 1.0

sources: IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05 // CNVD: CNVD-2020-29558

DESCRIPTION

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things

Trust: 3.06

sources: NVD: CVE-2020-10616 // JVNDB: JVNDB-2020-005447 // CNVD: CNVD-2020-29558 // CNNVD: CNNVD-202005-803 // IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.4

sources: IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05 // CNVD: CNVD-2020-29558

AFFECTED PRODUCTS

vendor:	opto22	model:	softpac project	scope:	lte	version:	9.6	Trust: 1.0
vendor:	opto 22	model:	softpac project	scope:	eq	version:	9.6	Trust: 0.8
vendor:	opto22	model:	pac control basic	scope:	lte	version:	<=9.6	Trust: 0.6
vendor:	softpac	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05 // CNVD: CNVD-2020-29558 // JVNDB: JVNDB-2020-005447 // NVD: CVE-2020-10616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10616
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005447
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-29558
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-803
value:	HIGH
Trust: 0.6
IVD:	9ea9b261-c1b6-4cc5-83e4-1219c1733094
value:	HIGH
Trust: 0.2
IVD:	bd703eda-b234-4449-8d18-97218e565a05
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2020-10616
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-005447
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29558
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9ea9b261-c1b6-4cc5-83e4-1219c1733094
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	bd703eda-b234-4449-8d18-97218e565a05
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2020-10616
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005447
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05 // CNVD: CNVD-2020-29558 // JVNDB: JVNDB-2020-005447 // CNNVD: CNNVD-202005-803 // NVD: CVE-2020-10616

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2020-005447 // NVD: CVE-2020-10616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-803

TYPE

Code problem

Trust: 1.0

sources: IVD: 9ea9b261-c1b6-4cc5-83e4-1219c1733094 // IVD: bd703eda-b234-4449-8d18-97218e565a05 // CNNVD: CNNVD-202005-803

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005447

PATCH

title:	Top Page	url:	https://www.opto22.com/	Trust: 0.8
title:	Patch for Opto 22 SoftPAC Project code issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/218469	Trust: 0.6
title:	Opto 22 SoftPAC Project Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119107	Trust: 0.6

sources: CNVD: CNVD-2020-29558 // JVNDB: JVNDB-2020-005447 // CNNVD: CNNVD-202005-803

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10616	Trust: 3.4
db:	ICS CERT	id:	ICSA-20-135-01	Trust: 2.4
db:	CNVD	id:	CNVD-2020-29558	Trust: 1.0
db:	CNNVD	id:	CNNVD-202005-803	Trust: 1.0
db:	JVN	id:	JVNVU98824176	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005447	Trust: 0.8
db:	NSFOCUS	id:	46725	Trust: 0.6
db:	IVD	id:	9EA9B261-C1B6-4CC5-83E4-1219C1733094	Trust: 0.2
db:	IVD	id:	BD703EDA-B234-4449-8D18-97218E565A05	Trust: 0.2

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-135-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10616	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10616	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98824176/index.html	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/46725	Trust: 0.6

sources: CNVD: CNVD-2020-29558 // JVNDB: JVNDB-2020-005447 // CNNVD: CNNVD-202005-803 // NVD: CVE-2020-10616

CREDITS

Mashav Sapir of Claroty

Trust: 0.6

sources: CNNVD: CNNVD-202005-803

SOURCES

db:	IVD	id:	9ea9b261-c1b6-4cc5-83e4-1219c1733094
db:	IVD	id:	bd703eda-b234-4449-8d18-97218e565a05
db:	CNVD	id:	CNVD-2020-29558
db:	JVNDB	id:	JVNDB-2020-005447
db:	CNNVD	id:	CNNVD-202005-803
db:	NVD	id:	CVE-2020-10616

LAST UPDATE DATE

2024-11-23T22:05:39.140000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-29558	date:	2020-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-005447	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202005-803	date:	2020-05-22T00:00:00
db:	NVD	id:	CVE-2020-10616	date:	2024-11-21T04:55:42.357

SOURCES RELEASE DATE

db:	IVD	id:	9ea9b261-c1b6-4cc5-83e4-1219c1733094	date:	2020-05-14T00:00:00
db:	IVD	id:	bd703eda-b234-4449-8d18-97218e565a05	date:	2020-05-14T00:00:00
db:	CNVD	id:	CNVD-2020-29558	date:	2020-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-005447	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202005-803	date:	2020-05-14T00:00:00
db:	NVD	id:	CVE-2020-10616	date:	2020-05-14T21:15:12.930