CVE-2023-2685

CVSS V2 None CVSS V3 None

Description

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1

Overview

CVE ID
CVE-2023-2685

Assigner
ABB

Vulnerability Status
PUBLISHED

Published Version
2023-07-28T11:31:50.625Z

Last Modified Date
2023-07-28T11:31:50.625Z

Weakness Enumerations

CWE	URL
CWE-428	http://cwe.mitre.org/data/definitions/428.html

References

Reference URL	Reference Tags
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2685
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2685

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:13:35				Added to TrackCVE