PT-2022-10155 · Unknown · In-Sight Opc Server

Amir Preminger

Published

2022-05-23

Updated

2022-06-07

CVE-2021-32935

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions In-Sight OPC Server versions v5.7.4 and prior

Description The issue allows a remote attacker to access system level permission commands and potentially achieve local privilege escalation due to the deserialization of untrusted data.

Recommendations For In-Sight OPC Server versions v5.7.4 and prior, update to a version that addresses the deserialization of untrusted data to prevent remote attackers from accessing system level permission commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2021-32935

Affected Products

In-Sight Opc Server

PT-2022-10155 · Unknown · In-Sight Opc Server

CVE-2021-32935

Weakness Enumeration

Related Identifiers

Affected Products

References · 5