ICSA-12-258-01  ·  Published 2025-06-19

IOServer OPC Server Multiple Vulnerabilities

CVSS 4.3 MEDIUM

CVEs (1)

Remediations

  • IOServer has created a new version (Version 1.0.19.0, http://www.ioserver.com/driver19.exe) to correct the directory traversal vulnerability (Vulnerability #3 above). The researcher has found that this new version still contains insufficient access controls (Vulnerability #1) and allows directory listings (Vulnerability #2) inside the root directory and its subdirectories.
  • In addition to the patch, the researcher recommends that users ensure that the “Root Directory” configuration value has a trailing backslash. This helps to mitigate the remaining issues, although an attacker can still get a directory listing of the root directory itself (but not subdirectories) with this in place.

Affected Vendors

IOServer

Affected Products (1)

IOServer · OPC Server <=1.0.18.0
