Primary

Context

Valmet DNA Local Privilege Escalation Vulnerability via Insecure DCOM Configuration

Vulnerability

A local privilege escalation vulnerability has been identified in Valmet DNA versions prior to C2023, stemming from an insecure DCOM configuration. The DCOM object 'Valmet DNA Engineering' is misconfigured, allowing it to execute commands as a user with the 'SeImpersonatePrivilege'. This Windows permission enables a process to impersonate another user, potentially allowing an attacker to escalate privileges and gain full control of the system.

Impact

Exploitation of this vulnerability allows local users to escalate privileges to 'SYSTEM', thereby gaining complete control over the affected system.

Remediation

Users can obtain the patched version through Valmet Automation Customer Service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Valmet DNA Local Privilege Escalation Vulnerability via Insecure DCOM Configuration

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating