Path traversal

2024-01-1017:15:00

PRIOn knowledge base

www.prio-n.com

uncontrolled search path

vulnerability

local adversary

escalate privileges

host trojanized software

initial access

code execution

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

CPENameOperatorVersion
kepware_kepserverexge6.0.2107.0
kepware_kepserverexle6.14.263.0
thingworx_industrial_connectivityge8.0
thingworx_industrial_connectivityle8.5
thingworx_kepware_serverge6.8
thingworx_kepware_serverle6.14.263.0

Name	Operator	Version
kepware_kepserverex	ge	6.0.2107.0
kepware_kepserverex	le	6.14.263.0
thingworx_industrial_connectivity	ge	8.0
thingworx_industrial_connectivity	le	8.5
thingworx_kepware_server	ge	6.8
thingworx_kepware_server	le	6.14.263.0