PT-2023-23346 · Inosoft Gmbh · Inosoft Visiwin
Carlo Di Dato
·
Published
2023-09-11
·
Updated
2024-07-12
·
CVE-2023-31468
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Inosoft VisiWin versions 7 through 2022-2.1
Description
An issue was discovered in the "%PROGRAMFILES(X86)%INOSOFT GmbH" folder, which has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.
Recommendations
For versions 7 through 2022-2.1, update to version 2024-1 to resolve the issue. As a temporary workaround, consider restricting access to the "%PROGRAMFILES(X86)%INOSOFT GmbH" folder to prevent an attacker from inserting malicious files.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Inosoft Visiwin