Summary
Unquoted Windows search path vulnerability in the below mentioned Software for Windows might allow local users to gain privileges via a malicious .exe file.
Impact
The vulnerability can be used to run a malicious file with administrator privileges while being logged in as a normal user. Therefore, any action which is not restricted by other measures could be taken.
Due to the security manual HIMA recommends to run the OPC Server and the programming environment on different PCs.
The OPC can only influence the data defined in the project. It does not have the ability to change the project. For this reason HIMA estimates the influence of the OPC Server on the program of the safety PLC (Programmable Logic Controller) as unlikely.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 892042400 | HOPCS | Firmware <=3.56.4 |
| 894000016 | X-OPC A+E | Firmware <=5.6.1210 |
| 894000015 | X-OPC DA | Firmware <=5.6.1210 |
| 895900001 | X-OTS | Firmware <=1.32.550 |
Vulnerabilities
Expand / Collapse allIn multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Mitigation
Ensure that Registry can only be accessed with administrator privileges.
HOPCS: Install in a path without spaces and/or select a user with low privileges in the DCOM settings dcomcnfg/Identity.
When using X-OPC or X-OTS it is recommended to protect the user program, with the system variables (see Automation Security Manual '3.2.2.2 Access Restrictions'):
- Forcing Deactivation
- Read-only in RUN
- Reload Deactivation
Remediation
All present products will be fixed. Updates are under development.Note: HOPCS is not suitable for present HIMA Products and is not planned to be fixed.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 16.01.2023 10:00 | Initial revision. |
| 2 | 22.05.2025 15:03 | Fix: quotation mark |