CVE-2023-2685

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 28, 2023

Updated: Aug 4, 2023

CWE ID 89

Summary

CVE-2023-2685 is a vulnerability affecting certain versions of AO-OPC servers. The issue lies in the lack of quotation marks around directory information for service entries, allowing potential attackers to call up unintended applications with system user privileges. This could result in a shift in user access privileges. While the exploitation is unlikely on well-maintained Windows installations requiring write access to system folders, an update is recommended to resolve the vulnerability identified in AO-OPC version 3.2.1 during an internal review.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/qnsVCe
https://www.cve.org/CVERecord?id=CVE-2023-2685
https://nvd.nist.gov/vuln/detail/CVE-2023-2685

Back to Vulnerability Database

CVE-2023-2685

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations