WAGO: Vulnerability in WAGO Navigator

VDE-2024-021
Last update: 21.05.2024 08:00
Published at: 21.05.2024 08:00
Vendor(s): WAGO GmbH & Co. KG
External ID: VDE-2024-021

Summary

The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.

Impact

The vulnerabilities affect the installer of the previous versions itself, leading to a potential privilege escalation during installation of WAGO Navigator. Already installed versions are not affected as long as the installer is not executed again.

Affected Product(s)

Model no. Product name Affected versions
WAGO Navigator 1.0 WAGO Navigator 1.0
WAGO Navigator 1.0.1 WAGO Navigator 1.0.1

Vulnerabilities

Published: 22.09.2025 14:58
Weakness: Untrusted Search Path (CWE-426)
Summary

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

Published: 22.09.2025 14:58
Weakness: Incorrect Permission Assignment for Critical Resource (CWE-732)
Summary

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as the SYSTEM user, Burn uses GetTempPathW, which points to the insecure directory C:\Windows\Temp, to drop and load multiple binaries. Standard users can hijack a binary before it is loaded by the application, resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

Remediation

A fix is available with the WAGO Navigator 1.0.2 and is accessible through the WAGO download center.
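
Because the risk only arises when an old installer is executed again, it helps to locate leftover installer copies on software shares and download folders. The following is an added example, not part of the advisory or of WAGO's or WiX's own code: it lists executables that are WiX Burn bundles by looking for the ".wixburn" PE section, a marker that is not stated in this advisory and is assumed here from the Burn bundle format. It does not report the toolset version, so each hit still has to be matched against the affected products by hand; all function names are hypothetical.

```python
import struct
from pathlib import Path

BURN_SECTION = b".wixburn"  # assumption: PE section name carried by Burn bundles

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                           # first section header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i                               # 40-byte header each
        if entry + 40 > len(data):
            break                                            # truncated table
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return names

def is_burn_bundle(data: bytes) -> bool:
    """True if the PE headers in data contain the Burn section."""
    return BURN_SECTION in pe_section_names(data)

def find_burn_bundles(root: str) -> list:
    """List *.exe files under root whose headers mark them as Burn bundles."""
    hits = []
    for path in Path(root).rglob("*.exe"):
        try:
            with path.open("rb") as f:
                head = f.read(4096)                          # headers only
        except OSError:
            continue                                         # unreadable, skip
        if is_burn_bundle(head):
            hits.append(path)
    return sorted(hits)

def make_sample_pe(section_names) -> bytes:
    """Constructed minimal PE header (no optional header), for demonstration."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections
```

Any installer this finds that corresponds to WAGO Navigator 1.0 or 1.0.1 should be deleted or replaced with the 1.0.2 installer.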

Revision History

Version Date Summary
1 21.05.2024 08:00 Initial revision.