Roboticsware Products Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in multiple Roboticsware products due to the registration of Windows services with unquoted file paths. This issue affects FA-Panel6, BA-Panel6, PA-Panel6, and FA-Server6, all through and including Rev17. A user with write permissions on the root directory of the system drive could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with SYSTEM privileges.

Remediation

Users are advised to apply the patch provided by Roboticsware. After installing the patch, download the 'opc_security_patch.zip' file from the Roboticsware download page, extract it, and run the 'opc_security_patch.bat' file as an administrator. If applying the patch is not feasible, the registry can be edited manually to enclose the ImagePath values of the OpcEnum and CategoryManager services in quotes, ensuring they point to the correct executable paths.