CVE-2023-2685 – Unquoted Service Path in ABB AO-OPC

https://notcve.org/view.php?id=CVE-2023-2685

28 Jul 2023 — A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to syst... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-428: Unquoted Search Path or Element •