Vulnerability Details CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.8%
CVSS Severity
CVSS v3 Score 7.8
References
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf
- https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf
- https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/
Products affected by CVE-2022-44725
-
cpe:2.3:a:opcfoundation:local_discovery_server:1.03.355
-
cpe:2.3:a:opcfoundation:local_discovery_server:1.03.367
-
cpe:2.3:a:opcfoundation:local_discovery_server:1.03.371
-
cpe:2.3:a:opcfoundation:local_discovery_server:1.03.400
-
cpe:2.3:a:opcfoundation:local_discovery_server:1.03.401