The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
References
Link | Resource |
---|---|
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-06-13 18:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-11672
Mitre link : CVE-2017-11672
CVE.ORG link : CVE-2017-11672
JSON object : View
Products Affected
opcfoundation
- local_discovery_server
CWE
CWE-428
Unquoted Search Path or Element