MegaTec UPSilon 2000 RupsMon.exe Service Executable Insecure Permissions Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the RupsMon.exe service executable of MegaTec UPSilon 2000 due to insecure permissions that grant the 'Everyone' group Full Control. This flaw enables local attackers to replace the executable with a malicious binary, executing code with SYSTEM privileges. Alternatively, attackers can modify the service's configuration path to execute commands, using the service management functions to achieve code execution and privilege escalation.

Impact

Exploitation of this vulnerability allows for unauthorized code execution with SYSTEM privileges, leading to privilege escalation.

Added: Nov 26, 2025, 2:17 AM

Updated: Nov 26, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MegaTec UPSilon 2000 RupsMon.exe Service Executable Insecure Permissions Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating