CVE-2017-11672
First published: Wed Jun 13 2018(Updated: )
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opcfoundation Local Discovery Server | <1.03.367 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2017-11672.
What is the severity of CVE-2017-11672?
The severity of CVE-2017-11672 is high with a score of 7.8 (out of 10).
What is affected by CVE-2017-11672?
The Local Discovery Server (LDS) version up to and including 1.03.367 is affected by CVE-2017-11672.
How can local users gain privileges using CVE-2017-11672?
Local users can gain privileges by exploiting the lack of double quotes around the opcualds.exe executable path.
Is there a fix available for CVE-2017-11672?
Yes, updating the OPC Foundation Local Discovery Server to version 1.03.367 or higher fixes the vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/opcfoundation
- canonical/opcfoundation local discovery server