| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 892042400 | HOPCS | <= 3.56.4 |
| 894000016 | X-OPC A+E | <= 5.6.1210 |
| 894000015 | X-OPC DA | <= 5.6.1210 |
| 895900001 | X-OTS | <= 1.32.550 |
Unquoted Windows search path vulnerability in the below mentioned Software for Windows might allow local users to gain privileges via a malicious .exe file.
In HIMA PC based Software in multiple versions an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
The vulnerability can be used to run a malicious file with administrator privileges while being logged in as a normal user. Therefore, any action which is not restricted by other measures could be taken.
Due to the security manual HIMA recommends to run the OPC Server and the programming environment on different PCs.
The OPC can only influence the data defined in the project. It does not have the ability to change the project. For this reason HIMA estimates the influence of the OPC Server on the program of the safety PLC (Programmable Logic Controller) as unlikely.
Mitigation
Ensure that Registry can only be accessed with administrator privileges.
HOPCS: Install in a path without spaces and/or select a user with low privileges in the DCOM settings dcomcnfg/Identity.
When using X-OPC or X-OTS it is recommended to protect the user program, with the system variables (see Automation Security Manual “3.2.2.2 Access Restrictions”):
Remediation
All present products will be fixed. Updates are under development.
Note: HOPCS is not suitable for present HIMA Products and is not planned to be fixed.
This vulnerability has been found by a HIMA customer.
Case handled by PSIRT@hima.com in cooperation with CERT@VDE