CVE-2022-2561: Connectivity Explorer file vulnerability (ZDI-CAN-16596)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16596.

Summary

The Connectivity Explorer (part of QuickOPC) allows the user to save and load XML files containing a list of "Live Points". When opening such a file, the Connectivity Explorer does not treat it as untrusted data. This allows an attacker to craft a special file that executes commands on the user's computer when it is opened.

More Information

The vulnerability is not related to OPC communication.

The vulnerability does not affect user software created with QuickOPC, because it is only present in the Connectivity Explorer application, which is not redistributable.

The Connectivity Explorer does not associate a file extension with its files. Consequently, clicking or double-clicking a malicious file does not trigger the vulnerability. It can only be exploited when the user explicitly opens the file from within the Connectivity Explorer application.

Affected Versions

All Connectivity Explorer versions lower than 5.63.246 (QuickOPC 2022.1 build 246) are affected.

Resolution

The Connectivity Explorer now restricts the types that are allowed to be loaded.
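
The kind of type restriction described above, sketched in Python as an added example; it is not OPC Labs' code. The file layout (`LivePoints`/`Point` elements with a `type` attribute) and the class names are hypothetical, since the page does not show the real format.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Hypothetical point types; the real Connectivity Explorer schema is not on the page.
@dataclass
class DAItemPoint:
    server: str
    item_id: str

@dataclass
class UANodePoint:
    endpoint: str
    node_id: str

# Allowlist: type name written in the file -> (class, exact attribute set).
ALLOWED_TYPES = {
    "DAItemPoint": (DAItemPoint, {"server", "item_id"}),
    "UANodePoint": (UANodePoint, {"endpoint", "node_id"}),
}

class UntrustedTypeError(ValueError):
    """The file asks for something outside the allowlist."""

def load_live_points(xml_text: str) -> list:
    if "<!DOCTYPE" in xml_text:  # no DTDs or entity definitions in a data file
        raise UntrustedTypeError("DOCTYPE not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "LivePoints":
        raise UntrustedTypeError(f"unexpected root element {root.tag!r}")
    points = []
    for elem in root:
        type_name = elem.get("type", "")
        # The name is only a dictionary key; it is never resolved to a class
        # by reflection or import, so the file cannot pick what gets built.
        if elem.tag != "Point" or type_name not in ALLOWED_TYPES:
            raise UntrustedTypeError(f"type not allowed: {type_name!r}")
        cls, fields = ALLOWED_TYPES[type_name]
        if set(elem.attrib) != fields | {"type"} or len(elem):
            raise UntrustedTypeError(f"unexpected content in {type_name}")
        points.append(cls(**{name: elem.attrib[name] for name in fields}))
    return points

# Constructed sample files.
GOOD_FILE = """<LivePoints>
  <Point type="DAItemPoint" server="Example.Server.1" item_id="Demo.Ramp"/>
  <Point type="UANodePoint" endpoint="opc.tcp://localhost:4840" node_id="ns=2;s=Temp"/>
</LivePoints>"""
BAD_FILE = '<LivePoints><Point type="Example.NotAPointType" cmd="x"/></LivePoints>'
```

The loader fails closed: one unknown type name, extra attribute or nested element rejects the whole file, so nothing from a partly valid file is loaded.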

Acknowledgements

Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative.
