Lucene search

[email protected]CVE-2023-31468

HistorySep 11, 2023 - 7:15 p.m.

CVE-2023-31468

2023-09-1119:15:42

CWE-276

[email protected]

web.nvd.nist.gov

cve-2023-31468

inosoft visiwin 7

weak permissions

vulnerability

nvd

security issue

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The “%PROGRAMFILES(X86)%\INOSOFT GmbH” folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.

Affected configurations

NVD

Node

inosoftvisiwin_7Range≤2022-2.1

CPENameOperatorVersion
inosoft:visiwin_7inosoft visiwin 7le2022-2.1

CPE	Name	Operator	Version
inosoft:visiwin_7	inosoft visiwin 7	le	2022-2.1

References

packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html

cwe.mitre.org/data/definitions/276.html

www.cisa.gov/news-events/ics-advisories/icsa-24-151-03

www.exploit-db.com/exploits/51682

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

www.inosoft.com/en/news-details/news/neue-visiwin-version-2024-1

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for CVE-2023-31468

zdt1 ics1 packetstorm1 cvelist1 prion1 nvd1 exploitdb1