CVE-2022-44725

Name of the Vulnerable Software and Affected Versions OPC Foundation Local Discovery Server (LDS) versions 1.04.403.478 and earlier

Description The issue is related to the incorrect assignment of permissions for a critical resource in the Local Discovery Server (LDS) of the Siemens software. This allows a remote attacker to elevate their privileges. Specifically, the OPC Foundation Local Discovery Server (LDS) uses a hard-coded file path to a configuration file, enabling a normal user to create a malicious file that is loaded by LDS, which runs as a high-privilege user.

Recommendations For OPC Foundation Local Discovery Server (LDS) versions 1.04.403.478 and earlier, consider restricting access to the configuration file to prevent a normal user from creating a malicious file that could be loaded by LDS. As a temporary workaround, restrict the use of the hard-coded file path until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.