3 matches found
CVE-2022-3263 Measuresoft ScadaPro Server Improper Access Control
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...
CVE-2022-3263
CVE-2022-3263 affects Measuresoft ScadaPro Server 6.7. The issue is an improper access control (CWE-284) where the ORCHESTRATOR service has inconsistent permissions, allowing a local low-privileged user to modify the service binary path and execute commands with SYSTEM privileges. Public sources ...
Measuresoft ScadaPro Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user with limited privileges to modify the service binary...