Inosoft VisiWin 7 2022-2.1 – Insecure Folders Permissions

• Exploit Database
• 31 阅读

• 作者： shinnai
  日期： 2023-08-21
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51682/

• # Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions 
  Privilege Escalation
  # Date: 2023-08-09
  # Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
  # Vendor Homepage: https://www.inosoft.com/
  # Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)
  # Tested on: Windows
  # CVE: CVE-2023-31468
  
  Inosoft VisiWin is a completely open system with a configurable range of 
  functions. It combines all features of classic HMI software with 
  unlimited programming possibilities.
  The installation of the solution will create insecure folder, and this 
  could allow a malicious user to manipulate file content or change 
  legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with 
  SYSTEM privileges) to compromise a system or to gain elevated 
  privileges.
  
  This is the list of insecure files and folders with their respective 
  permissions:
  
  C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"
  C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)
   Everyone:(OI)(CI)(F)
   NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\>
  
  --------------------------------------------------------------------------------------------------------------------------------------------------------
  
  C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"
  C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)
  
  Everyone:(I)(F)
  
  NT AUTHORITY\SYSTEM:(I)(F)
  
  Successfully processed 1 files; Failed processing 0 files
  
  C:\>