Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Valmet DNA Local privilege escalation through insecure DCOM configuration
Vulnerability Description
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Valmet DNA 安全漏洞
Vulnerability Description
Valmet DNA是芬兰维美德(Valmet)公司的一个自动化和信息系统的平台.在这个单一的平台中,涵盖了过程控制, 机器控制, 质量控制,传动控制及设备运行状况监测系统。 Valmet DNA C2023之前版本存在安全漏洞,该漏洞源于不安全的DCOM配置导致本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A