2 matches found
CVE-2021-40396
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40396
Advantech DeviceOn/iService 1.1.7 is affected by a privilege-escalation flaw from overly-permissive installation directory permissions. According to TALOS-2021-1408, the Server binaries in c:\Program Files\Advantech\WISE-DeviceOn\database\PostgreSQL\pgsql\bin\ (psql.exe, pg_ctl.exe, postgres.exe)...