Emerson PAC Machine Edition Unquoted Service Path Vulnerability in TrapiServer Service

Vulnerability

A vulnerability exists in Emerson PAC Machine Edition version 9.80, specifically in the TrapiServer service, due to an unquoted service path. Because the service's executable path is not enclosed in quotation marks, Windows can resolve it to an unintended executable. This flaw allows local users to execute code with elevated privileges. Exploitation involves placing a malicious executable along the unquoted path, which is then executed with LocalSystem rights when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious payloads as the LocalSystem user.

Reproduction

The vulnerability can be reproduced by creating a malicious executable and placing it in a directory that is not monitored by the operating system or security applications. The executable should be named in a way that exploits the unquoted service path of the TrapiServer service. Once the executable is in place, restarting the service or the computer will trigger the execution of the malicious code with elevated privileges.
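
A defensive check for this class of misconfiguration, added here as an example (it is not from the original advisory and is not Emerson's code): it parses service ImagePath strings, as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>, flags those whose executable path contains spaces but is not quoted, and proposes the quoted value. The service names and paths below are constructed samples; the advisory does not give the TrapiServer path.

```python
import re

# Command line up to the first executable extension, then any arguments.
_EXE = re.compile(r"^(.*?\.(?:exe|bat|cmd|com))(?=\s|$)(.*)$", re.IGNORECASE)

def audit_image_path(image_path):
    """Return (vulnerable, quoted_fix) for one service ImagePath string."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return (False, None)          # executable path is already quoted
    m = _EXE.match(cmd)
    if m is None:
        return (False, None)          # no executable found, e.g. a .sys driver
    exe, args = m.groups()
    if " " not in exe:
        return (False, None)          # spaces only in arguments are not this flaw
    return (True, f'"{exe}"{args}')   # quote the executable, keep the arguments

def scan(services):
    """Map service name -> suggested quoted ImagePath for each finding."""
    findings = {}
    for name, image_path in services.items():
        vulnerable, fix = audit_image_path(image_path)
        if vulnerable:
            findings[name] = fix
    return findings

# Constructed sample data (hypothetical names and paths, not real services).
SAMPLE_SERVICES = {
    "ExampleUnquoted": r"C:\Program Files\Example Vendor\Example App\svc.exe -k run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Example App\svc.exe" -k run',
    "ExampleNoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "ExampleArgSpaces": r"C:\Tools\agent.exe --config C:\My Data\agent.cfg",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name, fix in scan(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; set ImagePath to {fix}")
```

On a real host, the input would be the ImagePath value of each service key; any service the check flags should have its ImagePath quoted and the permissions on its parent directories reviewed.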

Added: Jan 14, 2026, 12:04 AM
Updated: Jan 14, 2026, 12:04 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.