Description

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.

Related CPE's

a

robodk

robodk

Vulnerable

References

https://robodk.com/contact

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-01

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-732

[email protected]

Secondary
CWE-732

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-28T21:15:10.293

1 year ago

Last modified

2023-11-07T04:04:01.627

8 months ago