MatrikonOPC has a patch to mitigate a files or directories accessible to external parties vulnerability in its MatrikonOPC Explorer, according to a report with NCCIC.
If the attacker has local access to the system, an attacker could exploit this vulnerability, discovered by Ilya Kapov of Positive Technologies who reported it to MatrikonOPC. This could allow an attacker to transfer unauthorized files from the host system, which could result in unauthorized information disclosure.
MatrikonOPC Explorer, Versions 5.0 and prior suffer from the vulnerability.
In the issue, successful exploitation of this vulnerability could allow an attacker to transfer unauthorized files from the host system. The attacker must have local access to be able to exploit this vulnerability.
CVE-2018-8714 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.7.
The product sees use mainly in the chemical and energy sectors. It also sees action on a global basis.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.
MatrikonOPC has made fixes available to resolve this vulnerability through a patch. Those using MatrikonOPC Explorer Versions 5.0 and prior can update to V188.8.131.52.
MatrikonOPC recommends the affected users follow the instructions below to download and install the patch:
1. Navigate to the MatrikonOPC website
2. Login with your credentials
3. Download the patch via this link
4. Run the patch installer, which will make all necessary changes
MatrikonOPC also published a security notification.