SICK MEAC300 Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the SICK MEAC300 application. The issue arises because standard users can use the 'run as' function to launch MEAC applications with administrative rights. So that the system could start up automatically, administrator credentials were stored, which enables the EPC2 user to execute any command with elevated privileges. As a result, unauthorized users can gain administrative access on the affected system.
Impact
Exploitation of this vulnerability allows standard users to escalate privileges to the administrative level, potentially leading to unauthorized access and control over the application and its functionalities.
Remediation
Users are strongly advised to upgrade to the latest version of SICK MEAC300 (version 4.0.54.21 or later), which includes a patch for this vulnerability.
