Description


RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.

Related CPE's


Vulnerable

References



https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01

Third Party AdvisoryUS Government Resource

Weaknesses



CWE-732


CWE-732

CVSS impact metrics


CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-28T21:15:10.293

1 year ago

Last modified

2023-11-07T04:04:01.627

7 months ago