Measuresoft ScadaPro Server Improper Access Control

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

访问控制不恰当

Measuresoft ScadaPro Server 访问控制错误漏洞

Measuresoft ScadaPro Server是爱尔兰Measuresoft公司的一个功能强大的实时数据采集软件包。提供监控、数据记录、模拟开发和报告生成。 Measuresoft ScadaPro Server 6.7 版本存在访问控制错误漏洞。攻击者利用该漏洞使用SYSTEM权限执行恶意命令。

N/A

N/A