Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation

vendor:

VisiWin

by:

Carlo Di Dato for Deloitte Risk Advisory Italia

7.8

CVSS

HIGH

Insecure Folders Permissions

732

CWE

Product Name: VisiWin

Affected Version From: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)

Affected Version To: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)

Patch Exists: NO

Related CWE: CVE-2023-31468

CPE: a:inosoft:visiwin:7.0

Metasploit:

Other Scripts:

Platforms Tested: Windows

2023

Inosoft VisiWin 7 2022-2.1 – Insecure Folders Permissions Privilege Escalation

The installation of Inosoft VisiWin 7 creates insecure folders with incorrect permissions. This allows a malicious user to manipulate file content or change legitimate files to compromise a system or gain elevated privileges.

Mitigation:

Apply proper permissions to the folders and files created by Inosoft VisiWin 7 during installation.

Source

Exploit-DB raw data:

# Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions 
Privilege Escalation
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://www.inosoft.com/
# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)
# Tested on: Windows
# CVE: CVE-2023-31468

Inosoft VisiWin is a completely open system with a configurable range of 
functions. It combines all features of classic HMI software with 
unlimited programming possibilities.
The installation of the solution will create insecure folder, and this 
could allow a malicious user to manipulate file content or change 
legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with 
SYSTEM privileges) to compromise a system or to gain elevated 
privileges.

This is the list of insecure files and folders with their respective 
permissions:

C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"
C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)
                                     Everyone:(OI)(CI)(F)
                                     NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\>

--------------------------------------------------------------------------------------------------------------------------------------------------------

C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"
C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)
                                                                          
          Everyone:(I)(F)
                                                                          
          NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files

C:\>