MegaTec UPSilon 2000 Unquoted Service Path Vulnerability in RupsMon and USBMate Services Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the RupsMon and USBMate services of MegaTec UPSilon 2000, which run with SYSTEM privileges and feature unquoted service paths. This configuration enables local attackers to intercept paths and escalate privileges, provided they have write permissions in the directories leading to the actual service executables.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation by allowing a local attacker to gain elevated rights on the system.

Added: Nov 26, 2025, 2:17 AM

Updated: Nov 26, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MegaTec UPSilon 2000 Unquoted Service Path Vulnerability in RupsMon and USBMate Services Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating