CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44725
https://notcve.org/view.php?id=CVE-2022-44725
17 Nov 2022 — OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). OPC Foundation Local Discovery Server (LDS) hasta 1.04.403.478 utiliza una ruta de archivo codificada para un archivo de configuración. Esto permite a un usuario normal crear un archivo malicioso que LDS carga (ejecutándose como un usuario con altos privilegios). • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17443
https://notcve.org/view.php?id=CVE-2017-17443
13 Jun 2018 — OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired. OPC Foundation Local Discovery Server (LDS) 1.03.370 requería una actualización de seguridad par... • https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-17443.pdf • CWE-20: Improper Input Validation •