Opcfoundation: >> Local Discovery Server Security Vulnerabilities
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
CVSS Score
7.8
EPSS Score
0.001
Published
2022-11-17
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-06-13
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-06-13