Share
## https://sploitus.com/exploit?id=PACKETSTORM:174268
# Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions   
Privilege Escalation  
# Date: 2023-08-09  
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia  
# Vendor Homepage: https://www.inosoft.com/  
# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)  
# Tested on: Windows  
# CVE: CVE-2023-31468  
  
Inosoft VisiWin is a completely open system with a configurable range of   
functions. It combines all features of classic HMI software with   
unlimited programming possibilities.  
The installation of the solution will create insecure folder, and this   
could allow a malicious user to manipulate file content or change   
legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with   
SYSTEM privileges) to compromise a system or to gain elevated   
privileges.  
  
This is the list of insecure files and folders with their respective   
permissions:  
  
C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"  
C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)  
Everyone:(OI)(CI)(F)  
NT AUTHORITY\SYSTEM:(OI)(CI)(F)  
  
Successfully processed 1 files; Failed processing 0 files  
  
C:\>  
  
--------------------------------------------------------------------------------------------------------------------------------------------------------  
  
C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"  
C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)  
  
Everyone:(I)(F)  
  
NT AUTHORITY\SYSTEM:(I)(F)  
  
Successfully processed 1 files; Failed processing 0 files  
  
C:\>