CVE-2025-64151
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-06
Assigner: JPCERT/CC
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| roboticsware | pa-panel6 | * |
| roboticsware | ba-panel6 | * |
| roboticsware | fa-panel6 | * |
| roboticsware | fa-server6 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects multiple Roboticsware products that register Windows services with unquoted file paths. Because the service paths are not enclosed in quotation marks, a user who has write permission on the root directory of the system drive can exploit this to execute arbitrary code with SYSTEM privileges. Essentially, the unquoted service paths create an unquoted search path vulnerability (CWE-428), allowing privilege escalation. [1, 2]
How can this vulnerability impact me?
If you have a Roboticsware product affected by this vulnerability and a user has write access to the root of your system drive, that user could exploit the unquoted service paths to run arbitrary code with SYSTEM-level privileges. This means an attacker could gain full control over the affected system, potentially leading to unauthorized actions, data compromise, or system disruption. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the registry entries for the services 'OpcEnum' and 'CategoryManager' to see if their ImagePath values are unquoted. Use the following commands in an elevated command prompt to query the registry values:

```
reg query "HKLM\SYSTEM\CurrentControlSet\Services\OpcEnum" /v ImagePath
reg query "HKLM\SYSTEM\CurrentControlSet\Services\CategoryManager" /v ImagePath
```

If the ImagePath values are not enclosed in double quotes, the system is vulnerable. [2]
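The same check as a read-only PowerShell audit, added here as an example (not code from Roboticsware or from this page). It flags an ImagePath only when it is unquoted and the executable path contains whitespace, which is the condition CWE-428 describes, and prints the quoted form for manual review. The function name `Get-ImagePathFinding` is hypothetical, and the script assumes the service binary ends in `.exe`.

```powershell
# Added example, not vendor code. Read-only: it reports and never writes to the registry.
$serviceNames = 'OpcEnum', 'CategoryManager'   # service names taken from the text above

function Get-ImagePathFinding {
    param([string]$ImagePath)
    $path = $ImagePath.Trim()
    if ($path.StartsWith('"')) {
        # Already quoted: Windows resolves the executable unambiguously.
        return [pscustomobject]@{ Vulnerable = $false; Suggested = $path }
    }
    # Split executable from arguments at the first ".exe" that is followed by
    # whitespace or end of string (assumption: the service binary is an .exe).
    $m = [regex]::Match($path, '^(?<exe>.*?\.exe)(?<args>(\s.*)?)$', 'IgnoreCase')
    if ($m.Success) { $exe = $m.Groups['exe'].Value; $rest = $m.Groups['args'].Value }
    else            { $exe = $path; $rest = '' }
    [pscustomobject]@{
        Vulnerable = ($exe -match '\s')          # unquoted AND whitespace in the path
        Suggested  = '"' + $exe + '"' + $rest    # quoted form, for manual review only
    }
}

foreach ($name in $serviceNames) {
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $prop = Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Service not registered on this host (or no ImagePath value present).
        [pscustomobject]@{ Service = $name; Status = 'key or ImagePath not found'
                           ImagePath = $null; Suggested = $null }
        continue
    }
    $finding = Get-ImagePathFinding -ImagePath $prop.ImagePath
    [pscustomobject]@{
        Service   = $name
        Status    = if ($finding.Vulnerable) { 'UNQUOTED path with spaces' } else { 'ok' }
        ImagePath = $prop.ImagePath
        Suggested = if ($finding.Vulnerable) { $finding.Suggested } else { $null }
    }
}
```

Pipe the output to `Format-List` to see long paths in full.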
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to apply the patch provided by Roboticsware. Download and extract the 'opc_security_patch.zip' file and run 'opc_security_patch.bat' with administrator rights. If applying the patch is not feasible, manually edit the registry as an administrator: open regedit, navigate to the keys for 'OpcEnum' and 'CategoryManager' services, and modify their 'ImagePath' values to enclose the full executable paths in double quotes. This prevents exploitation of the unquoted service path vulnerability. [1, 2]