The vulnerability of Kepware KEPServerEX and ThingWorkx Kepware Server software lies in the uncontrolled element of the search path, allowing a attacker to replace the installer with an arbitrary DLL library.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a attacker to replace the installer with a program that uses arbitrary DLL libraries...