Summary
The following tools:
* VisiWinNET Smart
* VisiWinNET Professional
* EASY UI Designer
create an installation directory with insufficient permissions. A low-privileged local user can add or modify files in that directory that are later executed with SYSTEM privileges, which leads to privilege escalation.
Impact
The vulnerability allows a low-level user to escalate privileges to SYSTEM, which could lead to full system compromise.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
 | Lenze EASY UI Designer | Firmware <1.6.0 |
 | Lenze VisiWinNET Professional | Firmware vers:all/* (all versions) |
 | Lenze VisiWinNET Smart | Firmware vers:all/* (all versions) |
Vulnerabilities
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. VisiWin 2024-1 is a fixed version.
Mitigation
Only use this tool in a protected and controlled environment to minimize network impact and to ensure that the tool is inaccessible from outside. In addition, the use of firewalls is recommended to reduce the attack surface, especially towards the internet and the internal business network. Note that the weakness itself is local: an attacker who can already log on to the host, or run code there as a low-privileged user, needs no network access to exploit it. Therefore also restrict interactive and remote logon on affected hosts to trusted accounts and verify that the installation folder is not writable by Everyone.
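The following PowerShell script is an added example for the weakness described under Vulnerabilities and the check suggested under Mitigation; it is not part of this advisory, nor code from Lenze or Inosoft. It audits the folder quoted in the advisory ("%PROGRAMFILES(X86)%\INOSOFT GmbH", assumed to be the install path on the host) for access control entries that let Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE write into it, and with -Fix removes those entries. The -Fix step is a generic compensating control, not the vendor's patch, and does not replace updating to a fixed version. Run it from an elevated PowerShell on the affected Windows host.

```powershell
# Added example, not from the advisory or the vendors. Assumes the install folder
# quoted in the advisory; -Fix is a generic hardening step, not the vendor's patch.
param(
    [string]$Path = (Join-Path ${env:ProgramFiles(x86)} 'INOSOFT GmbH'),
    [switch]$Fix
)

# Rights that let a principal add, replace or delete files in a folder, plus the
# generic bits (GENERIC_ALL, GENERIC_WRITE) some installers write into inheritable ACEs.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

# Low-privilege principals by well-known SID, so the check is locale independent.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-WeakAce {
    param([string]$Item)
    $acl = Get-Acl -LiteralPath $Item
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable account: not one of the principals we care about
        if (-not $lowPriv.ContainsKey($sid)) { continue }
        # Flags enum: any overlap with the write mask means the principal can plant a file.
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Item      = $Item
                Principal = $lowPriv[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Rule      = $ace
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Host "Not installed: $Path"
    exit 0
}

# Audit the folder itself and everything below it; weak ACEs on the root propagate
# to children by inheritance, but explicit ACEs on sub-items are reported as well.
$items = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
                      ForEach-Object FullName)
$findings = @(foreach ($i in $items) { Get-WeakAce -Item $i })

if ($findings.Count -eq 0) {
    Write-Host "OK: no write access for low-privilege principals under $Path"
    exit 0
}

$findings | Select-Object Item, Principal, Rights, Inherited | Format-Table -AutoSize | Out-Host

if (-not $Fix) { exit 1 }

# Remove only the explicit weak entries. Entries reported as Inherited disappear once
# the folder they are inherited from (normally the root of $Path) has been fixed; if
# inherited findings remain after a re-run, their source lies above $Path.
foreach ($group in ($findings | Where-Object { -not $_.Inherited } | Group-Object Item)) {
    $acl = Get-Acl -LiteralPath $group.Name
    foreach ($f in $group.Group) { [void]$acl.RemoveAccessRule($f.Rule) }
    Set-Acl -LiteralPath $group.Name -AclObject $acl
    Write-Host "Removed $($group.Count) ACE(s) from $($group.Name)"
}
Write-Host "Re-run without -Fix to verify."
exit 1
```

The script only touches ACEs for the four low-privilege principals; Administrators and SYSTEM keep whatever the installer granted them. Exit code 1 means findings were present, which makes the check usable from a configuration-compliance job; a finding on a file rather than the folder (for example an executable that is writable by Everyone) is the case the advisory describes, since a replaced file is what ends up running as SYSTEM.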
Remediation
Lenze has released version 1.6.1 of the EASY UI Designer tool, which fixes the identified security vulnerability. The other two tools are no longer recommended for new applications and are being prepared for discontinuation.
Revision History
Version | Date | Summary |
---|---|---|
1 | 21.08.2024 09:00 | Initial revision. |
2 | 06.11.2024 12:27 | Fix: correct certvde domain, added self-reference |
3 | 13.03.2025 12:30 | Fix: product version |