CVSS 3.1 Score 7.2 of 10 (high)


Published Jul 28, 2023
Updated: Aug 4, 2023
CWE ID 428


CVE-2023-2685 is a vulnerability found in AO-OPC server versions. It allows potential attackers to call up another application instead of the AO-OPC server by starting the service, as the directory information for the service entry is not enclosed in quotation marks. This could lead to a shift in user access privileges, potentially posing a danger to an organization. However, exploiting this vulnerability is unlikely in well-maintained Windows installations unless the attacker has write access to system folders. An update is available to resolve this vulnerability in the affected product versions.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-2685 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options