What the vulnerability does

01Description

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.

Key dates

02Disclosure timeline

May 14, 2020 CVE published
August 4, 2024 Record updated