Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-44725: Unified Architecture - OPC Foundation

OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).

CVE
#windows#linux#redis#ssl

Title: Local Discovery Server (LDS) Description:

The Local Discovery Server (LDS) provides the necessary infrastructure to publicly expose the OPC UA Servers available on a given computer.

This download includes:

  • Windows based executable written in portable ANSI C
  • Revision history

Documentation can be found here.

License: OPC Redistributable Agreement of Use

  • Support
  • Roadmap
  • Tracking

OPC Foundation membership fees are used by the OPC Foundation for the continuous improvement of this application, which includes bug-fixes to the application and the Stack it uses, and adding new features as required by the continuous advancement of the OPC Specifications.

Sample code/ Reference Implementations are provided to OPC Foundation Members as-is for the primary purpose of demonstration and educational purposes. OPC Foundation Members may use the OPC Foundation deliverables for their Product development. (Members are not permitted to distribute OPC Foundation Source code (see OPC Foundation license agreement)

Technical support is provided in the form of sample code and synopsis documentation. The OPC Foundation will soon have a forum where the OPC Foundation members and community provide “support” for the advancement and adoption of OPC technology.

Found a bug? Please report any bugs to our Mantis system. Click the “Tracking” tab for a list of current work items. We welcome your bug-fixes and kindly ask you to submit them via Mantis.

Have a Suggestion / Request for enhancement / New Features? Please Join an OPC Foundation Member Working Group (details may be found here). You may also submit requests to the OPC Foundation email address of. All suggestions become the property of the OPC Foundation.

  • Linux version
  • Bug-fixes and enhancements as needed.

Access: Registered User

  • Downloads
  • Archives

Version

Status

Description

Date Posted
(YYYY-MM-DD)

Download

1.04.405

Release

OPC UA Local Discovery Server MergeModule (ZIP/EXE)

2022-11-08

Icon

1.04.405

Release

OPC UA Local Discovery Server Installer (ZIP/EXE)

2022-11-08

Icon

Version

Status

Description

Date Posted
(YYYY-MM-DD)

Download

1.04.403.476

Release

OPC UA Local Discovery Server Installer (ZIP/EXE)

2022-03-18

Icon

1.04.403.476

Release

OPC UA Local Discovery Server MergeModule (ZIP/EXE)

2022-03-18

Icon

1.03.401

Release

OPC UA Local Discovery Server (EXE/ZIP)

2019-06-18

Icon

1.03.401

Release

OPC UA Local Discovery Server MergeModule (MSM/ZIP)

2019-06-18

Icon

1.03.400

Release

OPC UA Local Discovery Server (MSI/ZIP)

2018-08-09

Icon

1.03.400

Release

OPC UA Local Discovery Server MergeModule (MSM/ZIP)

2018-08-09

Icon

Version 1.3, February 06, 2017, OPC Foundation

The terms and conditions of the Agreement apply to the Software Deliverables including without limitation any OPC Foundation:

  • updates,
  • supplements
  • Internet-based services, and
  • support services

for the Software Deliverables, unless OPC Foundation specifies that any other terms accompany such items, in which case the alternate terms specified by OPC Foundation would apply.

BY USING THE SOURCE DELIVERABLES, YOU ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, DO NOT USE THE SOFTWARE DELIVERABLES.

If you comply with this Agreement, you have the rights below.

1. INSTALLATION AND USE RIGHTS.

.
You may install and use any number of copies of the Software Deliverables.

2. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.

.
Distributable Code. The Software Deliverables contain compiled code that you are permitted to distribute with programs you develop if you comply with the terms below.

  1. Right to Use and Distribute.
  • You may copy and distribute all files that are part of this Software Deliverables.
  • Third Party Distribution. You may permit distributors of your programs to copy and distribute the Software Deliverables as part of those programs.
  1. Distribution Requirements. For any Software Deliverables you distribute, you must:
  2. add significant primary functionality to it in your programs;
  3. require distributors and external end users to agree to terms that protect it at least as much as this Agreement;
  4. display your valid copyright notice on your programs; and
  5. indemnify, defend, and hold harmless the OPC Foundation from any claims, including attorneys’ fees, related to the distribution or use of your programs.
  6. Distribution Restrictions. You may not:
  • alter any copyright, trademark or patent notice in the Software Deliverables;
  • use the OPC Foundation’s trademarks in your programs’ names or in a way that suggests your programs come from or are endorsed by the OPC Foundation;
  • include Software Deliverables in malicious, deceptive or unlawful programs;
  • modify or distribute the source code of any Software Deliverables so that any part of it becomes subject to an Excluded License. An Excluded License is one that requires, as a condition of use, modification or distribution, that (1). the code be disclosed or distributed in source code form; or (2) permit or otherwise allow others to have the right to modify such Software Deliverables; or
  • create additional software components that directly link or directly load the Software Deliverables without accepting the corresponding source license for that Software Deliverable.

3. SCOPE OF LICENSE.

The Software Deliverables are licensed, not sold. This Agreement only gives you some rights to use the Software Deliverables. The OPC Foundation reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this Agreement. In doing so, you must comply with any technical limitations in the Software Deliverables that only allow you to use it in certain ways. You may not:

  • disclose the results of any benchmark tests of the Software Deliverables to any third party without OPC Foundation’s prior written approval;
  • work around any technical limitations in the Software Deliverables;
  • reverse engineer, decompile or disassemble the Software Deliverables, except and only to the extent that applicable law expressly permits, despite this limitation;
  • make more copies of the Software Deliverables than specified in this Agreement or allowed by applicable law, despite this limitation;
  • publish the Software Deliverables for others to copy; or
  • rent, lease or lend the Software Deliverables.

4. BACKUP COPY.

You may make one backup copy of the Software Deliverables. You may use such copy only to reinstall the Software.

5. DOCUMENTATION.

Any person that has valid access to your computer or internal network may copy and use the documentation related to the Software Deliverables for your internal reference purposes.

6. EXPORT RESTRICTIONS.

The Software Deliverables are subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Software Deliverables. These laws include restrictions on destinations, end users and end use.

7. SUPPORT SERVICES.

Because you accept the Software3 Deliverables from OPC Foundation “as is,” OPC Foundation may not provide support services for it.

8. ENTIRE AGREEMENT.

This Agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire Agreement for the Software Deliverables and support services.

10. LEGAL EFFECT

This Agreement describes certain legal rights. You may have other rights under the laws of your country. This Agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

11. DISCLAIMER OF WARRANTY.

THE SOFTWARE DELIVERABLES ARE LICENSED “AS-IS.” YOU BEAR THE RISK OF USING THE SPECIFICATIONS. THE OPC FOUNDATION MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, WITH REGARD TO THE SOFTWARE DELIVERABLES, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY, OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR USE.YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS THAT THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, THE OPC FOUNDATION EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
IN NO EVENT SHALL THE OPC FOUNDATION BE LIABLE FOR ERRORS CONTAINED IN THE SOURCE DELIVERABLES OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR USE, INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THE SOFTWARE DELIVERABLES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE USING THE SOFTWARE DELIVERABLES IS BORNE BY YOU AND/OR THE USER.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907