CVE-2022-44725
First published: Thu Nov 17 2022(Updated: )
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opcfoundation Local Discovery Server | <1.04.405.479 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-44725?
CVE-2022-44725 is a vulnerability in the OPC Foundation Local Discovery Server (LDS) that allows a normal user to create a malicious file that is loaded by LDS, running as a high-privilege user.
What is the severity of CVE-2022-44725?
CVE-2022-44725 has a severity value of 7.8 (high).
How does CVE-2022-44725 affect the OPC Foundation Local Discovery Server?
CVE-2022-44725 affects the OPC Foundation Local Discovery Server through version 1.04.403.478, allowing a user to exploit a hard-coded file path and execute malicious code.
How can a normal user exploit CVE-2022-44725?
A normal user can create a malicious file that is loaded by the OPC Foundation Local Discovery Server, running as a high-privilege user.
Is there a fix for CVE-2022-44725?
At the time of writing, there is no available fix for CVE-2022-44725. It is recommended to apply security best practices and monitor updates from the OPC Foundation.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/opcfoundation
- canonical/opcfoundation local discovery server