Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCarlo Di DatoPACKETSTORM:174268
HistoryAug 22, 2023 - 12:00 a.m.

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

2023-08-2200:00:00
Carlo Di Dato
packetstormsecurity.com
131
inosoft visiwin
insecure folders
privilege escalation
builtin administrators
everyone
nt authority system
cve-2023-31468
windows

0.001 Low

EPSS

Percentile

23.8%

JSON
`# Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions   
Privilege Escalation  
# Date: 2023-08-09  
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia  
# Vendor Homepage: https://www.inosoft.com/  
# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)  
# Tested on: Windows  
# CVE: CVE-2023-31468  
  
Inosoft VisiWin is a completely open system with a configurable range of   
functions. It combines all features of classic HMI software with   
unlimited programming possibilities.  
The installation of the solution will create insecure folder, and this   
could allow a malicious user to manipulate file content or change   
legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with   
SYSTEM privileges) to compromise a system or to gain elevated   
privileges.  
  
This is the list of insecure files and folders with their respective   
permissions:  
  
C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"  
C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)  
Everyone:(OI)(CI)(F)  
NT AUTHORITY\SYSTEM:(OI)(CI)(F)  
  
Successfully processed 1 files; Failed processing 0 files  
  
C:\>  
  
--------------------------------------------------------------------------------------------------------------------------------------------------------  
  
C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"  
C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)  
  
Everyone:(I)(F)  
  
NT AUTHORITY\SYSTEM:(I)(F)  
  
Successfully processed 1 files; Failed processing 0 files  
  
C:\>  
  
`

Related

cvelist 1
prion 1
ics 1
zdt 1
cve 1
nvd 1
exploitdb 1
cvelist
cvelist
CVE-2023-31468
2023-09-11 00:00:00
prion
prion
Design/Logic Flaw
2023-09-11 19:15:00
ics
ics
Inosoft VisiWin
2024-05-30 12:00:00
zdt
zdt
Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Vulnerability
2023-08-21 00:00:00
cve
cve
CVE-2023-31468
2023-09-11 19:15:42
nvd
nvd
CVE-2023-31468
2023-09-11 19:15:42
exploitdb
exploitdb
Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
2023-08-21 00:00:00

0.001 Low

EPSS

Percentile

23.8%

JSON
Related for PACKETSTORM:174268
cvelist1prion1ics1zdt1cve1nvd1exploitdb1