CVE-2022-23104

low-risk
Published 2022-02-24

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Win-911 2021 R1
Win-911 2021 R2

Affected Vendors

Win-911

References (4)

Vendor Advisory https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-20...
Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03
Vendor Advisory https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-20...
Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low