VDE-2024-018
Last update
14.05.2025 14:36
Published at
28.02.2024 08:00
Vendor(s)
Wiesemann & Theis GmbH
External ID
VDE-2024-018
CSAF Document
Summary
Multiple Wiesemann & Theis software products are affected by a vulnerability through an unquoted search path in the Windows registry. A local attacker can execute arbitrary code and gain administrative privileges by inserting an executable file in the path of the affected product.
Update A, 07.03.2024
Incorrect version numbers have been corrected.
Impact
A local attacker can execute arbitrary code through the affected products and gain administrative privileges by inserting an executable file in a specific path.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 00102 | Com Redirector Legacy <=3.93 | Com Redirector Legacy <=3.93 |
| 00111 | Com Redirector PnP <=4.42 | Com Redirector PnP <=4.42 |
| 00103 | OPC-Server <=4.88 | OPC-Server <=4.88 |
Vulnerabilities
Expand / Collapse all
Published
22.09.2025 14:58
Severity
Weakness
Unquoted Search Path or Element (CWE-428)
Summary
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.
References
Remediation
Remediation
- Update Com Redirector Legacy external link to version 3.94 or higher (Art.No. 00102)
- Update Com Redirector PnP external link to version 4.43 or higher (Art.No. 00111)
- Update OPC-Server external link to version 4.89 or higher (Art.No. 00103)
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 28.02.2024 08:00 | Initial revision. |
| 2 | 07.03.2024 09:50 | Update A |
| 3 | 14.05.2025 14:36 | Fix: reference category, added distribution |