Описание
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.
EPSS
Процентиль: 2%
0.00015
Низкий
Дефекты
CWE-268
Связанные уязвимости
github
около 1 месяца назад
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.
EPSS
Процентиль: 2%
0.00015
Низкий
Дефекты
CWE-268