Description

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.

Related CPE's

a

robodk

robodk

Vulnerable

References

https://robodk.com/contact

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01

Third Party AdvisoryUS Government Resource

https://robodk.com/contact

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Secondary
CWE-732

[email protected]

Primary
CWE-732

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

7.9 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-28T19:15:10.293Z

2 years ago

Last modified

2024-11-21T06:39:21.057Z

1 year ago