CVE-2022-4258: VDE-2022-059 | CERT@VDE
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
2023-01-16 10:00 (CET) VDE-2022-059
HIMA: unquoted path vulnerabilities in X-OPC and X-OTS
Published
2023-01-16 10:00 (CET)
Last update
2023-01-13 11:12 (CET)
Vendor(s)
HIMA Paul Hildebrandt GmbH
Product(s)
| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 892042400 | HOPCS | <= 3.56.4 |
| 894000016 | X-OPC A+E | <= 5.6.1210 |
| 894000015 | X-OPC DA | <= 5.6.1210 |
| 895900001 | X-OTS | <= 1.32.550 |
Summary
Unquoted Windows search path vulnerability in the below mentioned Software for Windows might allow local users to gain privileges via a malicious .exe file.
CVE ID
Last Update:
Jan. 11, 2023, 7:45 a.m.
Severity
Weakness
Unquoted Search Path or Element (CWE-428)
Summary
In HIMA PC based Software in multiple versions an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Details
Impact
The vulnerability can be used to run a malicious file with administrator privileges while being logged in as a normal user. Therefore, any action which is not restricted by other measures could be taken.
In accordance with the security manual, HIMA recommends running the OPC Server and the programming environment on different PCs.
The OPC can only influence the data defined in the project. It does not have the ability to change the project. For this reason HIMA estimates the influence of the OPC Server on the program of the safety PLC (Programmable Logic Controller) as unlikely.
Solution
Mitigation
Ensure that the Registry can only be accessed with administrator privileges.
HOPCS: Install in a path without spaces and/or select a user with low privileges in the DCOM settings dcomcnfg/Identity.
When using X-OPC or X-OTS, it is recommended to protect the user program with the system variables (see Automation Security Manual “3.2.2.2 Access Restrictions”):
- Forcing Deactivation
- Read-only in RUN
- Reload Deactivation
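To audit a host for the weakness this advisory describes (CWE-428) and to verify the "install in a path without spaces" mitigation, the following Python check flags unquoted command lines whose executable path contains spaces and lists the paths Windows would try first. It is an added example, not code from HIMA or CERT@VDE; the function names and the sample command lines (standing in for values such as a service `ImagePath`) are constructed for illustration.

```python
import re

# End of the intended executable: ".exe" followed by whitespace or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def earlier_candidates(command_line):
    """Paths Windows would try before the intended .exe when the command
    line is unquoted and the executable path contains spaces ([] if none)."""
    cmd = command_line.strip()
    if not cmd or cmd.startswith('"'):
        return []                      # quoted: the path is unambiguous
    m = _EXE_END.search(cmd)
    if m is None:
        return []                      # not an .exe command line; out of scope here
    exe_path = cmd[:m.end()]
    # Each space can be read as the boundary between program and arguments;
    # Windows appends .exe to the part before the space and tries that first.
    return [exe_path[:i] + ".exe" for i, ch in enumerate(exe_path) if ch == " "]

def audit(entries):
    """Map entry name -> earlier candidate paths, for affected entries only."""
    findings = {}
    for name, cmd in entries.items():
        cands = earlier_candidates(cmd)
        if cands:
            findings[name] = cands
    return findings

# Constructed sample values (assumptions, not taken from any HIMA product).
SAMPLE = {
    "ExampleOpcServer": r"C:\Program Files\Example Vendor\OPC Server\opcsrv.exe /service",
    "QuotedService": r'"C:\Program Files\Example Vendor\OPC Server\opcsrv.exe" /service',
    "NoSpaceInstall": r"C:\ExampleVendor\opcsrv.exe -c C:\My Data\cfg.ini",
}

if __name__ == "__main__":
    for name, cands in audit(SAMPLE).items():
        print(f"{name}: unquoted path with spaces")
        for c in cands:
            print(f"  must not exist or be creatable by non-admins: {c}")
```

For each flagged entry, either quote the stored path or confirm that the parent directories of the listed candidates are writable by administrators only.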
Remediation
All present products will be fixed. Updates are under development.
Note: HOPCS is not suitable for present HIMA Products and is not planned to be fixed.
Reported by
This vulnerability has been found by a HIMA customer.
Case handled by [email protected] in cooperation with CERT@VDE