CVE-2026-3315

Summary

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.

Affected Software

VendorProductVersion RangeStatus
ASSA ABLOYVisionline1.0 < 1.33affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions
  • CWE-250: CWE-250: Execution with Unnecessary Privileges
  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

Workarounds

  • Right-click on the folder C:\ProgramData\ASSA ABLOY\Visionline\webserver
  • Select Properties
  • Select the Security tab
  • Click Advanced
  • Click Disable inheritance
  • Select Convert inherited permissions into explicit permissions on this object
  • Remove Users from the list

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References