What is the vulnerability ID for AO-OPC server?

The vulnerability ID for AO-OPC server is CVE-2023-2685.

What is the severity of CVE-2023-2685?

CVE-2023-2685 has a severity score of 6.3, which is considered high.

What is affected by CVE-2023-2685?

AO-OPC server versions 1.0.0 to 3.2.1 are affected by CVE-2023-2685.

Is there a fix available for CVE-2023-2685?

Please refer to the reference link for a possible fix or mitigation strategies for CVE-2023-2685.

Vulnerability/
CVE-2023-2685

high

7.2

CWE

428

28/7/2023

21/10/2024

CVE-2023-2685: Unquoted Service Path in ABB AO-OPC

Q: How can potential attackers exploit CVE-2023-2685?

Potential attackers could possibly call up another application than the AO-OPC server by starting the service with malformed directory information.

First published: Fri Jul 28 2023(Updated: )

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1

Credit: cybersecurity@ch.abb.com cybersecurity@ch.abb.com

Affected Software	Affected Version	How to fix
Abb Ao-opc	>=1.0.0<=3.2.1

Never miss a vulnerability like this again

Reference Links

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch

Frequently Asked Questions

What is the vulnerability ID for AO-OPC server?
The vulnerability ID for AO-OPC server is CVE-2023-2685.
What is the severity of CVE-2023-2685?
CVE-2023-2685 has a severity score of 6.3, which is considered high.
What is affected by CVE-2023-2685?
AO-OPC server versions 1.0.0 to 3.2.1 are affected by CVE-2023-2685.
How can potential attackers exploit CVE-2023-2685?
Potential attackers could possibly call up another application than the AO-OPC server by starting the service with malformed directory information.
Is there a fix available for CVE-2023-2685?
Please refer to the reference link for a possible fix or mitigation strategies for CVE-2023-2685.

collector/nvd-index
agent/author
agent/softwarecombine
agent/type
agent/references
agent/weakness
agent/description
collector/nvd-latest
agent/software-canonical-lookup-request
collector/nvd-api
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/tags
agent/first-publish-date
agent/event
vendor/abb
canonical/abb ao-opc
version/abb ao-opc/1.0.0
version/abb ao-opc/3.2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.