CVE-2021-40389

Name of the Vulnerable Software and Affected Versions Advantech DeviceOn/iEdge Server version 1.0.2

Description The issue is related to incorrect default permission settings, allowing an attacker to escalate privileges using a specially-crafted file. This can lead to an attacker gaining NT SYSTEM authority. The vulnerability can be triggered by providing a malicious file.

Recommendations For Advantech DeviceOn/iEdge Server version 1.0.2, consider restricting access to sensitive files and directories to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor system activity closely for signs of privilege escalation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.