PT-2023-4120 · Unknown · Ao-Opc Server

Published 2023-07-14 · Updated 2023-08-04 · CVE-2023-2685

CVSS v3.1: 7.2 High

Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AO-OPC server versions prior to 3.2.1

Description

A vulnerability was found in the AO-OPC server: the directory information in the service entry is not enclosed in quotation marks. When the service starts, this could allow an attacker to have an application other than the AO-OPC server launched, possibly with system user privileges, which could cause a shift in user access privileges. Exploitation is unlikely in well-maintained Windows installations, since the attacker would need write access to system folders.

Recommendations

For AO-OPC server versions prior to 3.2.1, update to version 3.2.1 to resolve the vulnerability. As a temporary workaround, consider restricting access to the service entry to minimize the risk of exploitation.
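
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it flags service `ImagePath` values that are unquoted and contain a space in the executable path. The service names and paths in `SAMPLE_SERVICES` are constructed; the advisory does not give the AO-OPC service name or install path.

```python
import re
import sys

# Constructed sample ImagePath values (hypothetical service names and paths).
SAMPLE_SERVICES = {
    "ExampleOpcSvc": r"C:\Program Files\Example Vendor\opc server.exe -service",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" -service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

# Shortest prefix ending in an executable extension followed by space or end.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Return the executable portion of an unquoted ImagePath, or None if quoted."""
    value = image_path.strip()
    if value.startswith('"'):
        return None
    match = _EXE.match(value)
    return match.group(1) if match else value  # no known extension: be conservative

def find_unquoted(services):
    """Map service name -> executable path for unquoted paths containing a space."""
    findings = {}
    for name, image_path in services.items():
        exe = executable_part(image_path)
        if exe is not None and " " in exe:
            findings[name] = exe
    return findings

def load_services_from_registry():
    """Read ImagePath for every service entry (Windows only)."""
    import winreg
    services = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            try:
                with winreg.OpenKey(key, name) as sub:
                    services[name] = winreg.QueryValueEx(sub, "ImagePath")[0]
            except OSError:
                continue  # entry has no ImagePath or is not readable
    return services

if __name__ == "__main__":
    services = load_services_from_registry() if sys.platform == "win32" else SAMPLE_SERVICES
    for name, exe in find_unquoted(services).items():
        print(f"{name}: unquoted service path with spaces: {exe}")
```

Entries it reports should be fixed by updating the product or by enclosing the executable path in quotation marks in the service entry.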

Fix

Weakness Enumeration

Related Identifiers

BDU:2023-04429
CVE-2023-2685

Affected Products

Ao-Opc Server