Lucene search
Michael DePlante (@izobashi) of Trend Micro's Zero Day InitiativeZDI-22-1148HistoryAug 23, 2022 - 12:00 a.m.
Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability
2022-08-2300:00:00
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
8
vulnerability
local privilege escalation
measuresoft scadapro client
exploit
symbolic link
installer flaw
arbitrary code
system context
0.001 Low
EPSS
Percentile
26.8%
This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ScadaPro Client installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
nvd
nvd
CVE-2022-2897
2022-08-31 21:15:08
zdi
zdi
prion
prion
Privilege escalation
2022-08-31 21:15:00
cve
cve
CVE-2022-2897
2022-08-31 21:15:08
cvelist
cvelist
CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following
2022-08-23 00:00:00
ics
ics
Measuresoft ScadaPro Server and Client
2022-08-23 12:00:00