CVE-2022-44725 is a high-severity vulnerability affecting the OPC Foundation Local Discovery Server (LDS) up to version 1.04.403.478. The core issue stems from the LDS using a hard-coded file path to a configuration file. This design flaw allows a normal, non-privileged user to create or place a malicious file at the specified path. Since the LDS service runs with high privileges, it will load this malicious configuration file, leading to a potential privilege escalation. The vulnerability is classified under CWE-732, which relates to incorrect permission assignment for critical resources. The CVSS v3.1 score is 7.8, indicating a high severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This means the attack requires local access with low complexity, low privileges, and no user interaction, but can fully compromise confidentiality, integrity, and availability of the affected system. Although no known exploits have been reported in the wild, the vulnerability presents a significant risk due to the elevated privileges of the LDS process and the ease with which a local attacker can exploit the hard-coded path. The LDS is a component used in OPC UA (Open Platform Communications Unified Architecture) environments, which are common in industrial control systems (ICS) and critical infrastructure sectors for device discovery and communication facilitation. The lack of a patch link suggests that remediation may require vendor intervention or configuration changes by administrators.

For European organizations, particularly those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a serious threat. Exploitation could allow an attacker with local access—such as an insider or someone who has compromised a lower-privileged account—to escalate privileges to a highly privileged context. This can lead to unauthorized control over industrial devices, manipulation of operational data, disruption of services, and potential sabotage of critical processes. The compromise of LDS could also serve as a foothold for lateral movement within industrial networks, increasing the risk of broader operational technology (OT) environment compromise. Given the reliance on OPC UA standards across European industrial sectors, the vulnerability could impact confidentiality (exposure of sensitive operational data), integrity (tampering with control commands or configurations), and availability (disruption of discovery services and related operations). The absence of known exploits in the wild does not diminish the risk, as the vulnerability is straightforward to exploit locally and could be leveraged in targeted attacks against high-value industrial targets.

1. Immediate mitigation involves restricting local user permissions to prevent unauthorized file creation or modification in the directories used by LDS for configuration files. Implement strict access control lists (ACLs) on the file system level to ensure only trusted administrative accounts can write to these paths. 2. Monitor and audit file system changes in the LDS configuration directories to detect any unauthorized or suspicious file creations. 3. Isolate the LDS service environment by running it in a hardened container or sandbox with minimal privileges and strict file system controls to limit the impact of potential exploitation. 4. Network segmentation should be enforced to limit local access to systems running LDS, reducing the attack surface for potential local attackers. 5. Engage with the OPC Foundation or relevant vendors to obtain patches or updated versions that address the hard-coded path issue. If unavailable, consider alternative discovery mechanisms or temporary disabling of the LDS service if operationally feasible. 6. Implement endpoint detection and response (EDR) solutions with behavioral analytics tuned to detect anomalous file access or privilege escalation attempts related to LDS. 7. Conduct regular security training for personnel with local access to critical systems to raise awareness about the risks of local file manipulation.