Unpatched Security Vulnerability in OPTO 22 PAC Basic Software

VerSprite's VS-Labs discloses zero-day vulnerabilities found within Opto 22 PAC Control Basic software
Unpatched Security Vulnerability in OPTO 22 PAC Basic Software

OPTO 22 Zero-Day Vulnerability Disclosure

VerSprite’s Research and Development Team, VS-Labs, discovered a vulnerability in OPTO 22’s Control Basic Software suite that affects the Industrial Control System (ICS) and Operational Technology (OT) industries.

To date, this software remains unpatched and is a high-critical zero-day vulnerability that can leave ICS and OT organizations open to attack by malicious actors.

VerSprite’s VS-Labs initially discovered the Control.basic.exe vulnerability in July of 2020. Following proper protocol, we reached out to OPTO 22 within days of discovering the vulnerability and gave them ample time to produce a fix. Due to their inaction, we are releasing the vulnerability synopsis to raise awareness around this security issue. Please refer to our Vendor Disclosure Timeline on page 2 to review the steps we took to uncover the OPTO 22 PAC Control vulnerability.

UnPatched Vuln Found in Opto 22 PAC Control Basic Software


View VerSprite’s Vulnerability Analysis Report for Opto 22 Pac Control Basic Software


CVEs for the Opto 22 PAC Software Zero-Day


This vulnerability is currently unpatched and your organization should be aware of the risk potential and take measures to secure your systems. Once a patch is released it is critical that organizations update.

VerSprite Security Research Team

Maintain awareness regarding unknown threats to your products, technologies, and enterprise networks. Organizations that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. Our subscription-based capability provides your organization with immediate access to zero-day vulnerabilities affecting products and software. Learn More →

View our security advisories detailing vulnerabilities found in major products for MacOs, Windows, Android, and iOS.