Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sprecher Automation SPRECON-E Service Program 权限许可和访问控制漏洞
Vulnerability Description
Sprecher Automation SPRECON-E Service Program是奥地利Sprecher Automation公司的一套提供包括运行咨询、规划、开发,工程和设备现场安装、调试和操作员培训的服务包应用程序。 Sprecher Automation SPRECON-E Service Program 3.43 SP0之前的版本中存在提权漏洞。攻击者可借助特制的访问权限利用该漏洞获取提升的权限。
CVSS Information
N/A
Vulnerability Type
N/A