CVE-2023-1516
7.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Summary
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RoboDK | RoboDK | 0 <= 5.5.3 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
Workarounds
RoboDK has not responded to requests to work with CISA to mitigate this vulnerability. Users of the affected product are encouraged to contact RoboDK support for additional information.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.