![]() This assumes an attacker has access to a system with the Engineering Studio, where the Service Engine is started, where the Engineering Studio does not compile or overwrite the Service Engine files and the Service Engine files are created in the default directory.Īn attacker who successfully exploits the CVE-2023-3324 vulnerability may cause the Service Engine to deserialize file content using a method that is recognized as insecure, potentially leading to the Service Engine entering an unknown state or potentially causing the Service Engine to execute code. An attacker can place a tailored file containing the code to be executed onto the machine and modify a configuration file for the file of the attacker to be loaded.Īn attacker who successfully exploits the CVE-2023-3323 vulnerability may cause the Service Engine to execute code that was not intended to be executed by the project engineer. This assumes that an attacker has access to a Windows machine where the Service Grid components are installed, and no application whitelisting or similar technologies are used to prevent execution of untrusted code. ![]() Vulnerabilities have been reported in the SPRECON-V460 software platform affecting IIoT Services on Windows (formerly Service Grid) and the Service Engine on Windows.Īn attacker who successfully exploits the CVE-2023-3321 vulnerability may cause the Data Hub to load and execute arbitrary code in an elevated context. ![]() Vulnerability in the SPRECON-V460 software platform
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |