PT-2022-3959 · Advantech · Advantech Deviceon/Iservice

Yuri Kramarz · Published 2022-01-18 · Updated 2022-05-31 · CVE-2021-40396

CVSS v3.1: 8.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech DeviceOn/iService version 1.1.7

Description

A privilege escalation issue exists due to incorrect default permission settings, allowing an attacker to elevate privileges using a specially-crafted file. This can be triggered by replacing a file in the system, resulting in escalated privileges to NT SYSTEM authority.

Recommendations

For Advantech DeviceOn/iService version 1.1.7, consider restricting access to sensitive files and directories to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor system file integrity and access logs closely to detect potential exploitation attempts.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2022-04791
CVE-2021-40396

Affected Products

Advantech Deviceon/Iservice