Share: Email | Twitter




2023-01-16 10:00 (CET)

Last update

2023-01-13 11:12 (CET)


HIMA Paul Hildebrandt GmbH


Article No° Product Name Affected Version(s)
892042400 HOPCS <= 3.56.4
894000016 X-OPC A+E <= 5.6.1210
894000015 X-OPC DA <= 5.6.1210
895900001 X-OTS <= 1.32.550


Unquoted Windows search path vulnerability in the below mentioned Software for Windows might allow local users to gain privileges via a malicious .exe file.

Last Update:

11. Januar 2023 07:45


Unquoted Search Path or Element  (CWE-428) 


In HIMA PC based Software in multiple versions an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.


The vulnerability can be used to run a malicious file with administrator privileges while being logged in as a normal user. Therefore, any action which is not restricted by other measures could be taken.

Due to the security manual HIMA recommends to run the OPC Server and the programming environment on different PCs.

The OPC can only influence the data defined in the project. It does not have the ability to change the project. For this reason HIMA estimates the influence of the OPC Server on the program of the safety PLC (Programmable Logic Controller) as unlikely.



Ensure that Registry can only be accessed with administrator privileges.
HOPCS: Install in a path without spaces and/or select a user with low privileges in the DCOM settings dcomcnfg/Identity.
When using X-OPC or X-OTS it is recommended to protect the user program, with the system variables (see Automation Security Manual “ Access Restrictions”):

  • Forcing Deactivation
  • Read-only in RUN
  • Reload Deactivation


All present products will be fixed. Updates are under development.
Note: HOPCS is not suitable for present HIMA Products and is not planned to be fixed.

Reported by

This vulnerability has been found by a HIMA customer.
Case handled by in cooperation with CERT@VDE