CVE-2021-40397

Name of the Vulnerable Software and Affected Versions Advantech WISE-PaaS/OTA Server version 3.0.9

Description A privilege escalation issue exists due to improper default permission settings, allowing an attacker to elevate privileges to NT SYSTEM authority by replacing a specially-crafted file in the system. This can be triggered by providing a malicious file.

Recommendations For Advantech WISE-PaaS/OTA Server version 3.0.9, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor file replacements and system changes closely to detect potential malicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.