Lucene search

[email protected]NVD:CVE-2022-44725

HistoryNov 17, 2022 - 10:15 p.m.

CVE-2022-44725

2022-11-1722:15:11

CWE-732

[email protected]

web.nvd.nist.gov

opc foundation

local discovery server

vulnerability

configuration file

malicious file

high-privilege user

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).

Affected configurations

Nvd

Node

opcfoundationlocal_discovery_serverRange<1.04.405.479

VendorProductVersionCPE
opcfoundationlocal_discovery_server*cpe:2.3:a:opcfoundation:local_discovery_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opcfoundation	local_discovery_server	*	cpe:2.3:a:opcfoundation:local_discovery_server::::::::

References

files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf

opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-44725

prion1 ics2 cve1 cvelist1