Executive Summary

This vulnerability affects multiple Roboticsware products that register Windows services with unquoted file paths. Because the service paths are not enclosed in quotation marks, a user who has write permission on the root directory of the system drive can exploit this to execute arbitrary code with SYSTEM privileges. Essentially, the unquoted service paths create an unquoted search path vulnerability (CWE-428), allowing privilege escalation. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

If you have a Roboticsware product affected by this vulnerability and a user has write access to the root of your system drive, that user could exploit the unquoted service paths to run arbitrary code with SYSTEM-level privileges. This means an attacker could gain full control over the affected system, potentially leading to unauthorized actions, data compromise, or system disruption. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the registry entries for the services 'OpcEnum' and 'CategoryManager' to see if their ImagePath values are unquoted. Use the following commands in an elevated command prompt to query the registry values: reg query "HKLM\SYSTEM\CurrentControlSet\Services\OpcEnum" /v ImagePath reg query "HKLM\SYSTEM\CurrentControlSet\Services\CategoryManager" /v ImagePath If the ImagePath values are not enclosed in double quotes, the system is vulnerable. [2]

Useful 0 Not Useful 0

Mitigation Strategies

The recommended immediate mitigation is to apply the patch provided by Roboticsware. Download and extract the 'opc_security_patch.zip' file and run 'opc_security_patch.bat' with administrator rights. If applying the patch is not feasible, manually edit the registry as an administrator: open regedit, navigate to the keys for 'OpcEnum' and 'CategoryManager' services, and modify their 'ImagePath' values to enclose the full executable paths in double quotes. This prevents exploitation of the unquoted service path vulnerability. [1, 2]

Useful 0 Not Useful 0