CISA has published an advisory on external control of file name or path, improper verification of cryptographic signature, improper access control, uncontrolled search path element, and improper authorization vulnerabilities in Opto 22 SoftPAC Project. Versions 9.6 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to write arbitrary files with system access, start or stop a service, execute code remotely, and limit system availability. Opto 22 released PAC Project 10.3 to address the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.