Inconsistent Permissions in Measuresoft ScadaPro Server 6.7 Allow Privilege Escalation

Inconsistent Permissions in Measuresoft ScadaPro Server 6.7 Allow Privilege Escalation

CVE-2022-3263 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

Learn more about our Cis Benchmark Audit For Server Software.