CVE-2017-17443 — MEDIUM (6.5)

Vulnerability Description

OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opcfoundation	Local Discovery Server	1.03.370

Related Weaknesses (CWE)

CWE-20

References

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_FoundatioVendor Advisory
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_FoundatioVendor Advisory

FAQ

What is CVE-2017-17443?

CVE-2017-17443 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configurati...

How severe is CVE-2017-17443?

CVE-2017-17443 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17443?

Check the references section above for vendor advisories and patch information. Affected products include: Opcfoundation Local Discovery Server.