CVE-2023-1516

Summary

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.  

Affected Software

VendorProductVersion RangeStatus
RoboDKRoboDK0 <= 5.5.3affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

Workarounds

RoboDK has not responded to requests to work with CISA to mitigate this vulnerability. Users of the affected product are encouraged to contact RoboDK support for additional information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References