ICSA-15-120-01  ·  Published 2025-06-06

Opto 22 Multiple Product Vulnerabilities

CVSS 7.8 HIGH

CVEs (1)

Remediations

  • Opto 22 has addressed the heap-based buffer overflow vulnerability in the PAC Project installer, Version 9.4006, which is used to install the affected products. Opto 22 has released a customer notification that discusses the heap-based buffer overflow vulnerability, which is available at the following URL: (http://www.opto22.com/site/knowledgebase/kb_view_article.aspx?aid=2571)
  • The stack-based buffer overflow vulnerability has been addressed in the PAC Project installer, Version 9.4008, by removing the diagnostic tool, OPCTest.exe, from the installed software in the affected products. Opto 22 has released a customer notification that discusses the stack-based buffer overflow vulnerability, which is available at the following URL: (http://www.opto22.com/site/knowledgebase/kb_view_article.aspx?aid=2602)
  • Opto 22 suggests upgrading to the new product version as soon as possible. Opto 22’s product downloads are available at the following URL: (http://www.opto22.com/site/downloads/dl_downloads.aspx)

Affected Vendors

Opto 22

Affected Products (12)

Opto 22 · PAC Project Professional <R9.4006
Opto 22 · PAC Project Basic <R9.4006
Opto 22 · PAC Display Basic <R9.4f
Opto 22 · PAC Display Professional <R9.4f
Opto 22 · OptoOPCServer <R9.4c
Opto 22 · OptoDataLink R9.4d
Opto 22 · PAC Project Professional <R9.4008
Opto 22 · PAC Project Basic <R9.4008
Opto 22 · PAC Display Basic <R9.4g
Opto 22 · PAC Display Professional <R9.4g
Opto 22 · OptoOPCServer <=R9.4c
Opto 22 · OptoDataLink <=R9.4d
