First published: Thu Nov 17 2022(Updated: )
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opcfoundation Local Discovery Server | <1.04.405.479 | |
<1.04.405.479 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-44725 is a vulnerability in the OPC Foundation Local Discovery Server (LDS) that allows a normal user to create a malicious file that is loaded by LDS, running as a high-privilege user.
CVE-2022-44725 has a severity value of 7.8 (high).
CVE-2022-44725 affects the OPC Foundation Local Discovery Server through version 1.04.403.478, allowing a user to exploit a hard-coded file path and execute malicious code.
A normal user can create a malicious file that is loaded by the OPC Foundation Local Discovery Server, running as a high-privilege user.
At the time of writing, there is no available fix for CVE-2022-44725. It is recommended to apply security best practices and monitor updates from the OPC Foundation.