CVE-2023-45793

Name of the Vulnerable Software and Affected Versions Siveillance Control versions 2.8 through 3.1.1

Description A vulnerability has been identified in the affected product, related to insufficient checks on the list of access groups assigned to individual users. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. The issue is associated with deficiencies in the authorization mechanism, which could allow an attacker to obtain write access to objects for which they only had read access.

Recommendations For versions 2.8 through 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive objects to minimize the risk of exploitation. Additionally, review and adjust access group assignments to ensure that users do not have unnecessary privileges.