Lucene search
Simon Zuckerbraun - Trend Micro Zero Day InitiativeZDI-21-562HistoryMay 11, 2021 - 12:00 a.m.
Schneider Electric C-Bus Toolkit Incorrect Permission Assignment Privilege Escalation Vulnerability
2021-05-1100:00:00
Simon Zuckerbraun - Trend Micro Zero Day Initiative
www.zerodayinitiative.com
26
schneider electric
c-bus toolkit
privilege escalation
vulnerability
incorrect permission assignment
arbitrary code
product installer
low-privileged code
exploit
product folders
system context
EPSS
0.001
Percentile
41.5%
This vulnerability allows local attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
Related
cvelist
cvelist
CVE-2021-22716
2021-04-13 18:31:18
prion
prion
Remote code execution
2021-04-13 19:15:00
cve
cve
CVE-2021-22716
2021-04-13 19:15:14
nvd
nvd
CVE-2021-22716
2021-04-13 19:15:14
ics
ics
Schneider Electric C-Bus Toolkit
2021-04-15 12:00:00