PatchSiren cyber security CVE debrief
CVE-2023-31468 Inosoft CVE debrief
CVE-2023-31468 is a high-severity local privilege escalation vulnerability in Inosoft VisiWin 7, published by CISA on May 30, 2024. The vulnerability stems from a directory created with insufficient permissions, allowing low-privileged users to add and modify files that execute with SYSTEM privileges. This weakness enables authenticated attackers with local access to escalate privileges without user interaction. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability. Inosoft has released VisiWin version 2024-1 to address this issue. Organizations should prioritize patching, especially in industrial control environments where VisiWin is deployed.
- Vendor: Inosoft
- Product: Inosoft VisiWin 7, versions before 2024-1
- CVSS: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- CISA KEV: not listed in stored evidence
- Original CVE published: 2024-05-30
- Original CVE updated: 2024-05-30
- Advisory published: 2024-05-30
- Advisory updated: 2024-05-30
Who should care
Organizations running Inosoft VisiWin 7 in industrial automation and control system environments should prioritize this patch. System administrators responsible for HMI (Human-Machine Interface) and SCADA deployments, OT security teams, and asset owners in manufacturing, energy, and critical infrastructure sectors are most affected. Because the attack vector is local, the realistic threat is an attacker who already has a foothold on the HMI host, whether a compromised low-privileged operator account, malware running as that user, or a malicious insider, and uses the weak directory to become SYSTEM.
Technical summary
The root cause is a directory that the VisiWin 7 installation creates with overly permissive access controls (CWE-276, incorrect default permissions). Any authenticated local user can add or replace files in that directory, and some of the files it holds are executed in the SYSTEM security context. An attacker with a low-privileged account on the host therefore needs no memory-corruption exploit: they write a file into the permissive location and wait for the privileged component to run it. The attack requires local access and valid credentials but no user interaction, which is what the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.8) expresses. Successful exploitation grants complete control of the affected host, with high impact to confidentiality, integrity, and availability.
Defensive priority
high
Recommended defensive actions
- Upgrade to VisiWin version 2024-1 or later to remediate the directory permission vulnerability
- Review and restrict file system permissions on VisiWin installation directories as a compensating control until patching is complete
- Audit local user accounts with access to VisiWin systems and apply principle of least privilege
- Monitor for unauthorized file modifications in VisiWin program directories
- Apply CISA ICS recommended practices for defense-in-depth in industrial control environments
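The following PowerShell script is an added example, not code from this page or from Inosoft. It implements the compensating control and the monitoring action above: it walks a VisiWin 7 directory tree, reports every access control entry that gives a low-privileged principal write-capable rights (the CWE-276 condition behind this CVE), probes whether the current account can actually write there, and, on request, replaces those grants with read+execute via icacls and adds a SACL so later writes are logged as Security event 4663. The default directory path is an assumption; substitute the path your VisiWin installation actually uses.

```powershell
<#
Added example for CVE-2023-31468, not code from the PatchSiren page or from Inosoft.
ASSUMPTION: the default $Path is a guess at the VisiWin 7 install directory.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = 'C:\Program Files (x86)\INOSOFT\VisiWin 7',  # assumed; adjust
    [switch]$Fix,     # replace write-capable grants to low-privileged principals with RX
    [switch]$Audit    # add a SACL so writes under $Path produce Security event 4663
)

# Principals that every local account maps to. A write grant to any of these on a
# directory whose contents run as SYSTEM is the weakness class this CVE describes.
$LowPrivPrincipals = @('Everyone', 'BUILTIN\Users',
                       'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a principal add, replace or delete files, or rewrite the ACL itself.
# FullControl and Modify contain these bits, so the bitwise test below catches them too.
# 0x40000000 and 0x10000000 are GENERIC_WRITE and GENERIC_ALL, which show up in some
# inherited ACEs and are not members of the FileSystemRights enum.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]'WriteData,AppendData,WriteAttributes,WriteExtendedAttributes,Delete,DeleteSubdirectoriesAndFiles,ChangePermissions,TakeOwnership') -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Dir)
    foreach ($ace in (Get-Acl -LiteralPath $Dir).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Directory = $Dir
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Ground truth from the caller's own token: run the script as a standard user to
# confirm what the ACL says. It creates and immediately removes one empty file.
function Test-WritableByCurrentUser {
    param([string]$Dir)
    $probe = Join-Path $Dir ('perm-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        New-Item -ItemType File -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force
        $true
    } catch { $false }
}

$dirs = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Recurse)
$weak = @(foreach ($d in $dirs) { Get-WeakAce -Dir $d.FullName })

"Writable by current user ($env:USERNAME): $(Test-WritableByCurrentUser -Dir $Path)"
if ($weak.Count -eq 0) { "No write-capable grants to low-privileged principals under $Path" }
else { $weak | Format-Table -AutoSize | Out-String | Write-Output }

if ($Fix) {
    foreach ($w in $weak) {
        if (-not $PSCmdlet.ShouldProcess($w.Directory, "replace $($w.Identity) rights with read+execute")) { continue }
        # An inherited ACE cannot be edited in place: first break inheritance while
        # copying the current ACEs, then replace every grant for that principal with RX.
        if ($w.Inherited) { & icacls $w.Directory /inheritance:d | Out-Null }
        & icacls $w.Directory /remove:g $w.Identity | Out-Null
        & icacls $w.Directory /grant:r "$($w.Identity):(OI)(CI)RX" | Out-Null
    }
}

if ($Audit) {
    # Enable the Object Access > File System audit subcategory (by GUID so it works on
    # localized systems), then audit successful writes, deletes and ACL changes by anyone.
    & auditpol /set /subcategory:"{0CCE921D-69AE-11D9-BED3-505054503030}" /success:enable | Out-Null
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        'WriteData,AppendData,Delete,DeleteSubdirectoriesAndFiles,ChangePermissions,TakeOwnership',
        'ContainerInherit,ObjectInherit', 'None', 'Success')
    $acl = Get-Acl -LiteralPath $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}
```

Run it without switches from a standard operator account to see both the ACL findings and whether that account can really write into the tree; run it elevated with -Fix -WhatIf to preview the icacls changes, then with -Fix and -Audit to apply them. Afterwards, `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663}` shows who modified what under the directory. Test the tightened permissions on a non-production HMI first: a runtime may legitimately need user-writable subfolders for project or log data, and the hardening is a stopgap until VisiWin 2024-1 is installed, not a replacement for it.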
Evidence notes
CISA ICS advisory ICSA-24-151-03 confirms the vulnerability exists in VisiWin 7 versions prior to 2024-1. The advisory identifies the root cause as directory permissions that allow low-level users to modify files with SYSTEM-level execution context. No evidence of active exploitation or ransomware campaign use was identified in the source corpus.
Official resources
- CVE-2023-31468 CVE record (CVE.org)
- CVE-2023-31468 NVD detail (NVD)
- Source item: cisa_csaf (CISA ICS advisory ICSA-24-151-03)
2024-05-30