CVE-2017-11672

The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opcfoundation:local_discovery_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:08

Type Values Removed Values Added
References () https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf - Vendor Advisory () https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf - Vendor Advisory

Information

Published : 2018-06-13 18:29

Updated : 2024-11-21 03:08


NVD link : CVE-2017-11672

Mitre link : CVE-2017-11672

CVE.ORG link : CVE-2017-11672


JSON object : View

Products Affected

opcfoundation

  • local_discovery_server
CWE
CWE-428

Unquoted Search Path or Element