Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
23 vulnerabilities by Opto 22
CVE-2025-13084 (GCVE-0-2025-13084)
Vulnerability from nvd – Published: 2025-11-26 17:39 – Updated: 2025-11-26 18:59| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | groov View Server |
Affected:
R1.0a , ≤ R4.5d
(custom)
|
|
| Opto 22 | GRV-EPIC-PR1 Firmware |
Affected:
0 , ≤ 4.0.3
(custom)
|
|
| Opto 22 | GRV-EPIC-PR2 Firmware |
Affected:
0 , ≤ 4.0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T18:59:01.900699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T18:59:31.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "groov View Server",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "R4.5d",
"status": "affected",
"version": "R1.0a",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:groov_view_server:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "r4.5d",
"versionStartIncluding": "r1.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr1_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:39:37.931Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91325"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91325\"\u003ehere\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91325 ."
}
],
"source": {
"advisory": "ICSA-25-329-04",
"discovery": "EXTERNAL"
},
"title": "Opto 22 groov View Exposure of Sensitive Information Through Metadata",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13084",
"datePublished": "2025-11-26T17:39:37.931Z",
"dateReserved": "2025-11-12T19:21:15.811Z",
"dateUpdated": "2025-11-26T18:59:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40710 (GCVE-0-2023-40710)
Vulnerability from nvd – Published: 2023-08-24 16:09 – Updated: 2024-09-30 19:13- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T19:09:00.954993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T19:13:20.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u0026nbsp;SNAP PAC S1 Firmware version R10.3b\u003cbr\u003e"
}
],
"value": "An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:57.698Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40710",
"datePublished": "2023-08-24T16:09:25.235Z",
"dateReserved": "2023-08-18T19:31:53.418Z",
"dateUpdated": "2024-09-30T19:13:20.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40709 (GCVE-0-2023-40709)
Vulnerability from nvd – Published: 2023-08-24 16:08 – Updated: 2024-09-13 16:16- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:16:32.815231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:16:40.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u0026nbsp;SNAP PAC S1 Firmware version R10.3b"
}
],
"value": "An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:35.650Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40709",
"datePublished": "2023-08-24T16:08:47.919Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-09-13T16:16:40.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40708 (GCVE-0-2023-40708)
Vulnerability from nvd – Published: 2023-08-24 16:08 – Updated: 2024-10-02 20:20- CWE-1188 - Insecure Default Initialization of Resource
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:19:28.525178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:20:36.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files."
}
],
"value": "The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:04.863Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in OPTO 22 SNAP PAC S1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40708",
"datePublished": "2023-08-24T16:08:23.730Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:20:36.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40707 (GCVE-0-2023-40707)
Vulnerability from nvd – Published: 2023-08-24 16:05 – Updated: 2024-10-02 20:23- CWE-521 - Weak Password Requirements
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:23:08.081618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:23:51.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don\u0027t set up complex credentials."
}
],
"value": "There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don\u0027t set up complex credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T16:05:48.352Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40707",
"datePublished": "2023-08-24T16:05:48.352Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:23:51.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40706 (GCVE-0-2023-40706)
Vulnerability from nvd – Published: 2023-08-24 16:03 – Updated: 2024-10-02 20:24- CWE-307 - Improper Restriction of Excessive Authentication Attempts
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:24:19.956638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:24:51.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"datePublic": "2023-08-24T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login."
}
],
"value": "There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T16:04:32.945Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts in OPTO 22 SNAP PAC S1 Built-in Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40706",
"datePublished": "2023-08-24T16:03:36.347Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:24:51.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1006 (GCVE-0-2015-1006)
Vulnerability from nvd – Published: 2019-05-10 13:47 – Updated: 2024-08-06 04:26- CWE-121 - Heap-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Project Basic |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Display Basic |
Affected:
< R9.4f
|
|
| Opto 22 | PAC Display Professional |
Affected:
< R9.4f
|
|
| Opto 22 | OptoOPCServer |
Affected:
< R9.4c
|
|
| Opto 22 | OptoDataLink |
Affected:
R9.4d and prior that were installed by PAC Project installer
Affected: versions prior to R9.4006 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4c"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer"
},
{
"status": "affected",
"version": "versions prior to R9.4006"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Heap-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T13:47:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4c"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer"
},
{
"version_value": "versions prior to R9.4006"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1006",
"datePublished": "2019-05-10T13:47:27.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1007 (GCVE-0-2015-1007)
Vulnerability from nvd – Published: 2019-03-25 18:38 – Updated: 2024-08-06 04:26- CWE-121 - Stack-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional |
Affected:
< R9.4008
|
|
| Opto 22 | PAC Project Basic |
Affected:
< R9.4008
|
|
| Opto 22 | PAC Display Basic |
Affected:
< R9.4g
|
|
| Opto 22 | PAC Display Professional |
Affected:
< R9.4g
|
|
| Opto 22 | OptoOPCServer |
Affected:
R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008
|
|
| Opto 22 | OptoDataLink |
Affected:
R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1007",
"datePublished": "2019-03-25T18:38:25.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14807 (GCVE-0-2018-14807)
Vulnerability from nvd – Published: 2018-10-18 21:00 – Updated: 2024-09-17 00:26- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
| URL | Tags |
|---|---|
| https://www.opto22.com/support/resources-tools/kn… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Control Basic and PAC Control Professional |
Affected:
Versions R10.0a and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Control Basic and PAC Control Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "Versions R10.0a and prior"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-04T00:00:00",
"ID": "CVE-2018-14807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Control Basic and PAC Control Professional",
"version": {
"version_data": [
{
"version_value": "Versions R10.0a and prior"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547",
"refsource": "CONFIRM",
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14807",
"datePublished": "2018-10-18T21:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:04.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13084 (GCVE-0-2025-13084)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:39 – Updated: 2025-11-26 18:59| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | groov View Server |
Affected:
R1.0a , ≤ R4.5d
(custom)
|
|
| Opto 22 | GRV-EPIC-PR1 Firmware |
Affected:
0 , ≤ 4.0.3
(custom)
|
|
| Opto 22 | GRV-EPIC-PR2 Firmware |
Affected:
0 , ≤ 4.0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T18:59:01.900699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T18:59:31.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "groov View Server",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "R4.5d",
"status": "affected",
"version": "R1.0a",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:groov_view_server:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "r4.5d",
"versionStartIncluding": "r1.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr1_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:39:37.931Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91325"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91325\"\u003ehere\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91325 ."
}
],
"source": {
"advisory": "ICSA-25-329-04",
"discovery": "EXTERNAL"
},
"title": "Opto 22 groov View Exposure of Sensitive Information Through Metadata",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13084",
"datePublished": "2025-11-26T17:39:37.931Z",
"dateReserved": "2025-11-12T19:21:15.811Z",
"dateUpdated": "2025-11-26T18:59:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40710 (GCVE-0-2023-40710)
Vulnerability from cvelistv5 – Published: 2023-08-24 16:09 – Updated: 2024-09-30 19:13- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T19:09:00.954993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T19:13:20.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u0026nbsp;SNAP PAC S1 Firmware version R10.3b\u003cbr\u003e"
}
],
"value": "An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:57.698Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40710",
"datePublished": "2023-08-24T16:09:25.235Z",
"dateReserved": "2023-08-18T19:31:53.418Z",
"dateUpdated": "2024-09-30T19:13:20.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40709 (GCVE-0-2023-40709)
Vulnerability from cvelistv5 – Published: 2023-08-24 16:08 – Updated: 2024-09-13 16:16- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:16:32.815231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:16:40.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u0026nbsp;SNAP PAC S1 Firmware version R10.3b"
}
],
"value": "An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:35.650Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40709",
"datePublished": "2023-08-24T16:08:47.919Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-09-13T16:16:40.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40708 (GCVE-0-2023-40708)
Vulnerability from cvelistv5 – Published: 2023-08-24 16:08 – Updated: 2024-10-02 20:20- CWE-1188 - Insecure Default Initialization of Resource
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:19:28.525178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:20:36.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files."
}
],
"value": "The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:39:04.863Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in OPTO 22 SNAP PAC S1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40708",
"datePublished": "2023-08-24T16:08:23.730Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:20:36.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40707 (GCVE-0-2023-40707)
Vulnerability from cvelistv5 – Published: 2023-08-24 16:05 – Updated: 2024-10-02 20:23- CWE-521 - Weak Password Requirements
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:23:08.081618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:23:51.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don\u0027t set up complex credentials."
}
],
"value": "There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don\u0027t set up complex credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T16:05:48.352Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40707",
"datePublished": "2023-08-24T16:05:48.352Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:23:51.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40706 (GCVE-0-2023-40706)
Vulnerability from cvelistv5 – Published: 2023-08-24 16:03 – Updated: 2024-10-02 20:24- CWE-307 - Improper Restriction of Excessive Authentication Attempts
| Vendor | Product | Version | |
|---|---|---|---|
| OPTO 22 | SNAP PAC S1 |
Affected:
R10.3b
|
|
| opto22 | snap_pac_s1 |
Affected:
r10.3b
cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snap_pac_s1",
"vendor": "opto22",
"versions": [
{
"status": "affected",
"version": "r10.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:24:19.956638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:24:51.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SNAP PAC S1",
"vendor": "OPTO 22",
"versions": [
{
"status": "affected",
"version": "R10.3b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicolas Cano"
}
],
"datePublic": "2023-08-24T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login."
}
],
"value": "There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T16:04:32.945Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts in OPTO 22 SNAP PAC S1 Built-in Web Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-40706",
"datePublished": "2023-08-24T16:03:36.347Z",
"dateReserved": "2023-08-18T19:31:53.417Z",
"dateUpdated": "2024-10-02T20:24:51.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1006 (GCVE-0-2015-1006)
Vulnerability from cvelistv5 – Published: 2019-05-10 13:47 – Updated: 2024-08-06 04:26- CWE-121 - Heap-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Project Basic |
Affected:
< R9.4006
|
|
| Opto 22 | PAC Display Basic |
Affected:
< R9.4f
|
|
| Opto 22 | PAC Display Professional |
Affected:
< R9.4f
|
|
| Opto 22 | OptoOPCServer |
Affected:
< R9.4c
|
|
| Opto 22 | OptoDataLink |
Affected:
R9.4d and prior that were installed by PAC Project installer
Affected: versions prior to R9.4006 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4006"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4f"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4c"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer"
},
{
"status": "affected",
"version": "versions prior to R9.4006"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Heap-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T13:47:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4006"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4f"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4c"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer"
},
{
"version_value": "versions prior to R9.4006"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1006",
"datePublished": "2019-05-10T13:47:27.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1007 (GCVE-0-2015-1007)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:38 – Updated: 2024-08-06 04:26- CWE-121 - Stack-based buffer overflow CWE-121
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Project Professional |
Affected:
< R9.4008
|
|
| Opto 22 | PAC Project Basic |
Affected:
< R9.4008
|
|
| Opto 22 | PAC Display Basic |
Affected:
< R9.4g
|
|
| Opto 22 | PAC Display Professional |
Affected:
< R9.4g
|
|
| Opto 22 | OptoOPCServer |
Affected:
R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008
|
|
| Opto 22 | OptoDataLink |
Affected:
R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Project Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Project Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4008"
}
]
},
{
"product": "PAC Display Basic",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "PAC Display Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "\u003c R9.4g"
}
]
},
{
"product": "OptoOPCServer",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
},
{
"product": "OptoDataLink",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T18:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-1007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "\u003c R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-1007",
"datePublished": "2019-03-25T18:38:25.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14807 (GCVE-0-2018-14807)
Vulnerability from cvelistv5 – Published: 2018-10-18 21:00 – Updated: 2024-09-17 00:26- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
| URL | Tags |
|---|---|
| https://www.opto22.com/support/resources-tools/kn… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Opto 22 | PAC Control Basic and PAC Control Professional |
Affected:
Versions R10.0a and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAC Control Basic and PAC Control Professional",
"vendor": "Opto 22",
"versions": [
{
"status": "affected",
"version": "Versions R10.0a and prior"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-04T00:00:00",
"ID": "CVE-2018-14807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAC Control Basic and PAC Control Professional",
"version": {
"version_data": [
{
"version_value": "Versions R10.0a and prior"
}
]
}
}
]
},
"vendor_name": "Opto 22"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547",
"refsource": "CONFIRM",
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14807",
"datePublished": "2018-10-18T21:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:04.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202005-0315
Vulnerability from variot - Updated: 2023-12-18 12:17Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
},
"cve": "CVE-2020-12042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005449",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-29560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "e5b22756-8c85-4226-9499-fa6679cb753c",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005449",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12042",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005449",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-806",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
},
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12042",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29560",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46726",
"trust": 0.6
},
{
"db": "IVD",
"id": "A6C16F43-3C4B-444C-8A13-AA49139C3E50",
"trust": 0.2
},
{
"db": "IVD",
"id": "E5B22756-8C85-4226-9499-FA6679CB753C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"id": "VAR-202005-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
}
]
},
"last_update_date": "2023-12-18T12:17:07.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project Data Forgery Vulnerability (CNVD-2020-29560)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218473"
},
{
"title": "Opto 22 SoftPAC Project Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118759"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12042"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12042"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46726"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "a6c16f43-3c4b-444c-8a13-aa49139c3e50"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "e5b22756-8c85-4226-9499-fa6679cb753c"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"date": "2020-05-14T21:15:13.103000",
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29560"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005449"
},
{
"date": "2020-05-18T00:55:43.443000",
"db": "NVD",
"id": "CVE-2020-12042"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Digital Signature Verification Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-806"
}
],
"trust": 0.6
}
}
VAR-202005-0045
Vulnerability from variot - Updated: 2023-12-18 12:17Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. Opto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originated from SoftPACAgent communicating with SoftPACMonitor through the 22000 network port, but the program does not place any restrictions on this open port
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10612",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005446",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29557",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005446",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10612",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005446",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-29557",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-802",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. \nOpto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originated from SoftPACAgent communicating with SoftPACMonitor through the 22000 network port, but the program does not place any restrictions on this open port",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
},
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10612",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29557",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46727",
"trust": 0.6
},
{
"db": "IVD",
"id": "51302213-2B82-491C-A9A7-8E50E9D08AC6",
"trust": 0.2
},
{
"db": "IVD",
"id": "B7B50A2E-046E-4F2A-93AB-06E49FF67196",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"id": "VAR-202005-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
}
]
},
"last_update_date": "2023-12-18T12:17:07.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218467"
},
{
"title": "Opto 22 SoftPAC Project Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10612"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10612"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46727"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"date": "2020-05-14T21:15:12.853000",
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005446"
},
{
"date": "2020-05-18T01:25:06.300000",
"db": "NVD",
"id": "CVE-2020-10612"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNVD",
"id": "CNVD-2020-29557"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "51302213-2b82-491c-a9a7-8e50e9d08ac6"
},
{
"db": "IVD",
"id": "b7b50a2e-046e-4f2a-93ab-06e49ff67196"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-802"
}
],
"trust": 1.0
}
}
VAR-202005-0046
Vulnerability from variot - Updated: 2023-12-18 12:17Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005447",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-29558",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "bd703eda-b234-4449-8d18-97218e565a05",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005447",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005447",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-29558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-803",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
},
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10616",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29558",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46725",
"trust": 0.6
},
{
"db": "IVD",
"id": "9EA9B261-C1B6-4CC5-83E4-1219C1733094",
"trust": 0.2
},
{
"db": "IVD",
"id": "BD703EDA-B234-4449-8D18-97218E565A05",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"id": "VAR-202005-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
]
},
"last_update_date": "2023-12-18T12:17:07.904000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218469"
},
{
"title": "Opto 22 SoftPAC Project Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119107"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10616"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10616"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46725"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"date": "2020-05-14T21:15:12.930000",
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29558"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005447"
},
{
"date": "2020-05-18T01:20:38.807000",
"db": "NVD",
"id": "CVE-2020-10616"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Code Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNVD",
"id": "CNVD-2020-29558"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "9ea9b261-c1b6-4cc5-83e4-1219c1733094"
},
{
"db": "IVD",
"id": "bd703eda-b234-4449-8d18-97218e565a05"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-803"
}
],
"trust": 1.0
}
}
VAR-202005-0316
Vulnerability from variot - Updated: 2023-12-18 12:17Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
},
"cve": "CVE-2020-12046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005450",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-29561",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "b22c0495-769f-48da-9ef6-5618146b0740",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005450",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12046",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005450",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29561",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-808",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
},
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12046",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29561",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46728",
"trust": 0.6
},
{
"db": "IVD",
"id": "B22C0495-769F-48DA-9EF6-5618146B0740",
"trust": 0.2
},
{
"db": "IVD",
"id": "782AFA90-DDC4-4A9C-81B0-BAA6D02F4A98",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"id": "VAR-202005-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
]
},
"last_update_date": "2023-12-18T12:17:07.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project Data Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218475"
},
{
"title": "Opto 22 SoftPAC Project Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12046"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12046"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46728"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"date": "2020-05-14T21:15:13.180000",
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29561"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005450"
},
{
"date": "2020-05-18T00:56:09.727000",
"db": "NVD",
"id": "CVE-2020-12046"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Data Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b22c0495-769f-48da-9ef6-5618146b0740"
},
{
"db": "IVD",
"id": "782afa90-ddc4-4a9c-81b0-baa6d02f4a98"
},
{
"db": "CNVD",
"id": "CNVD-2020-29561"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-808"
}
],
"trust": 0.6
}
}
VAR-202005-0049
Vulnerability from variot - Updated: 2023-12-18 12:17Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. The vulnerability stems from the fact that no credentials are required when communicating with SoftPAC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softpac project",
"scope": "lte",
"trust": 1.0,
"vendor": "opto22",
"version": "9.6"
},
{
"model": "softpac project",
"scope": "eq",
"trust": 0.8,
"vendor": "opto 22",
"version": "9.6"
},
{
"model": "pac control basic",
"scope": "lte",
"trust": 0.6,
"vendor": "opto22",
"version": "\u003c=9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "softpac",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opto22:softpac_project:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mashav Sapir of Claroty",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005448",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29559",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005448",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10620",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005448",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-29559",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-801",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. The vulnerability stems from the fact that no credentials are required when communicating with SoftPAC",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
},
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10620",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-135-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-29559",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU98824176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46724",
"trust": 0.6
},
{
"db": "IVD",
"id": "D250C32C-55C9-4FD5-B3AD-2F48BBDE8D8A",
"trust": 0.2
},
{
"db": "IVD",
"id": "F5E52199-3D15-476D-AD6C-04B032E1DFAA",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"id": "VAR-202005-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
],
"trust": 2.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
]
},
"last_update_date": "2023-12-18T12:17:07.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.opto22.com/"
},
{
"title": "Patch for Opto 22 SoftPAC Project authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/218471"
},
{
"title": "Opto 22 SoftPAC Project Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10620"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98824176/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"date": "2020-05-14T00:00:00",
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"date": "2020-05-14T21:15:13.010000",
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29559"
},
{
"date": "2020-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005448"
},
{
"date": "2020-05-18T13:15:55.957000",
"db": "NVD",
"id": "CVE-2020-10620"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opto 22 SoftPAC Project Authorization Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d250c32c-55c9-4fd5-b3ad-2f48bbde8d8a"
},
{
"db": "IVD",
"id": "f5e52199-3d15-476d-ad6c-04b032e1dfaa"
},
{
"db": "CNVD",
"id": "CNVD-2020-29559"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-801"
}
],
"trust": 0.6
}
}