CVE-2022-1261

Name of the Vulnerable Software and Affected Versions Matrikon OPC Server (all versions)

Description The issue is related to the implementation of the IPersistFile interface in the Matrikon OPC Server, which is associated with inadequate access control. This allows a low-privileged user connected to the OPC server to execute operating system processes with system-level privileges using the functions of the IPersistFile. The vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations For all versions of Matrikon OPC Server, consider restricting access to the IPersistFile functions to prevent low-privileged users from executing operating system processes with elevated privileges. As a temporary workaround, consider disabling the use of the IPersistFile interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.