CVE-2026-3315
5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/AU:Y/R:U/RE:L/U:Clear
Summary
Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASSA ABLOY | Visionline | 1.0 < 1.33 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
- CWE-250: CWE-250: Execution with Unnecessary Privileges
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
Workarounds
- Right-click on the folder C:\ProgramData\ASSA ABLOY\Visionline\webserver
- Select Properties
- Select the Security tab
- Click Advanced
- Click Disable inheritance
- Select Convert inherited permissions into explicit permissions on this object
- Remove Users from the list
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.