
ID

VDE-2024-018

Published

2024-02-28 08:00 (CET)

Last update

2024-03-07 09:50 (CET)

Vendor(s)

Wiesemann & Theis GmbH

Product(s)

Article No.  Product Name           Affected Version(s)
00102        Com Redirector Legacy  <= 3.93
00111        Com Redirector PnP     <= 4.42
00103        OPC-Server             <= 4.88

Summary

Multiple Wiesemann & Theis software products are affected by a vulnerability through an unquoted search path in the Windows registry. A local attacker can execute arbitrary code and gain administrative privileges by inserting an executable file in the path of the affected product.

Update A, 07.03.2024

Incorrect version numbers have been corrected.


Last Update:

Dec. 2, 2024, 10:50 a.m.

Weakness

Unquoted Search Path or Element (CWE-428)

Summary

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.


Impact

A local attacker can execute arbitrary code through the affected products and gain administrative privileges by inserting an executable file in a specific path.

Solution

Remediation

Update Com Redirector Legacy to version 3.94 or higher (Art.No. 00102)
Update Com Redirector PnP to version 4.43 or higher (Art.No. 00111)
Update OPC-Server to version 4.89 or higher (Art.No. 00103)
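
One way to audit registry command-line values for the unquoted search path condition (CWE-428) described in the Summary. This is an added example, not code from the advisory or from Wiesemann & Theis. The advisory does not name the affected registry value, so the key names and paths in `SAMPLE` are constructed placeholders in the style of a Windows service `ImagePath`.

```python
import re

# Heuristic: the program path ends at the first ".exe" followed by a space or
# end of string. If no ".exe" is found, the whole value is treated as the path,
# which over-reports rather than under-reports.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def ambiguous_prefixes(command_line):
    """Return the alternative executables Windows may try before the intended
    one for an unquoted command line, or [] if the value is unambiguous."""
    value = command_line.strip()
    if not value or value.startswith('"'):
        return []  # quoted program path: no ambiguity
    m = _EXE_END.search(value)
    program = value[:m.end()] if m else value
    prefixes = []
    for i, ch in enumerate(program):
        if ch == " " and program[i - 1] != " ":
            # Each space-delimited prefix is tried with ".exe" appended.
            prefixes.append(program[:i] + ".exe")
    return prefixes

def audit(entries):
    """entries maps a registry location to its command-line value.
    Returns {location: [paths to check]} for affected entries only."""
    return {loc: p for loc, val in entries.items() if (p := ambiguous_prefixes(val))}

# Constructed sample data (hypothetical service names and install paths).
SAMPLE = {
    r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvcA":
        r"C:\Program Files\Example Vendor\svc.exe -run",
    r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvcB":
        r'"C:\Program Files\Example Vendor\svc.exe" -run',
    r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvcC":
        r"C:\Tools\agent.exe --config C:\My Data\a.ini",
}

if __name__ == "__main__":
    for location, paths in audit(SAMPLE).items():
        print(location)
        for path in paths:
            print("  verify no unexpected file at:", path)
```

Each reported path is a location where no executable should exist; the directories containing those paths should not be writable by non-administrative users.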

Reported by

CERT@VDE coordinated with Wiesemann & Theis