The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
References
Configurations
History
21 Nov 2024, 03:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf - Vendor Advisory |
Information
Published : 2018-06-13 18:29
Updated : 2024-11-21 03:08
NVD link : CVE-2017-11672
Mitre link : CVE-2017-11672
CVE.ORG link : CVE-2017-11672
JSON object : View
Products Affected
opcfoundation
- local_discovery_server
CWE
CWE-428
Unquoted Search Path or Element