CVE-2023-31468

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 11, 2023
Updated: Jul 12, 2024
CWE ID 276

Summary

CVE-2023-31468 is a vulnerability affecting Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). This issue arises due to weak folder permissions for the "C:\Program Files(x86)\INOSOFT GmbH" directory, which is accessible to Everyone. An attacker can exploit this vulnerability by inserting a malicious file, potentially a Trojan horse, that runs with SYSTEM privileges. The vulnerable versions can be upgraded to the fixed version, 2024-1.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share