Vulnerability Description
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opcfoundation | Local Discovery Server | < 1.04.405.479 |
Related Weaknesses (CWE)
References
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20 (Patch, Vendor Advisory)
- https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture (Patch, Vendor Advisory)
FAQ
What is CVE-2022-44725?
CVE-2022-44725 is a vulnerability with a CVSS score of 7.8 (HIGH). OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (runnin...
How severe is CVE-2022-44725?
CVE-2022-44725 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-44725?
Check the references section above for vendor advisories and patch information. Affected products include: Opcfoundation Local Discovery Server.