漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sprecher Automation SPRECON-E Service Program 权限许可和访问控制漏洞
Vulnerability Description
Sprecher Automation SPRECON-E Service Program是奥地利Sprecher Automation公司的一套提供包括运行咨询、规划、开发,工程和设备现场安装、调试和操作员培训的服务包应用程序。 Sprecher Automation SPRECON-E Service Program 3.43 SP0之前的版本中存在提权漏洞。攻击者可借助特制的访问权限利用该漏洞获取提升的权限。
CVSS Information
N/A
Vulnerability Type
N/A