CWE-276: INCORRECT DEFAULT PERMISSIONS: The affected product is vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.

Risk Information

  • CVE ID
  • CVE-2022-23104
  • Vendor
  • WIN-911
  • Product
  • WIN-911-2021
  • CVSS v3
  • 5.6