Share: Email | Twitter

ID

VDE-2024-021

Published

2024-05-21 08:00 (CEST)

Last update

2024-05-21 07:57 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
WAGO Navigator 1.0
WAGO Navigator 1.0.1

Summary

The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.

Vulnerabilities



Last Update
30. August 2024 09:24
Weakness
Untrusted Search Path (CWE-426)
Summary

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

Last Update
30. August 2024 09:24
Weakness
Incorrect Permission Assignment for Critical Resource (CWE-732)
Summary

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

Impact

The vulnerabilities affect the previous versions installer itself, leading to a potential privilege escalation during installation of WAGO Navigator. Already installed versions are not affected as long as the installer is not executed again.

Solution

A fix is available with the WAGO Navigator 1.0.2 and is accessible through the WAGO download center.

Reported by

CERT@VDE coordinated with WAGO