VerSprite’s Research and Development Team, VS-Labs, discovered a vulnerability in OPTO 22’s Control Basic Software suite that affects the Industrial Control System (ICS) and Operational Technology (OT) industries.
To date, this software remains unpatched and is a high-critical zero-day vulnerability that can leave ICS and OT organizations open to attack by malicious actors.
VerSprite’s VS-Labs initially discovered the
Control.basic.exe vulnerability in July of 2020. Following proper protocol, we reached out to OPTO 22 within days of discovering the vulnerability and gave them ample time to produce a fix. Due to their inaction, we are releasing the vulnerability synopsis to raise awareness around this security issue. Please refer to our Vendor Disclosure Timeline on page 2 to review the steps we took to uncover the OPTO 22 PAC Control vulnerability.
This vulnerability is currently unpatched and your organization should be aware of the risk potential and take measures to secure your systems. Once a patch is released it is critical that organizations update.
Maintain awareness regarding unknown threats to your products, technologies, and enterprise networks. Organizations that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. Our subscription-based capability provides your organization with immediate access to zero-day vulnerabilities affecting products and software. Learn More →
View our security advisories detailing vulnerabilities found in major products for MacOs, Windows, Android, and iOS.