Mechrevo Control Center GX Uncontrolled Search Path Vulnerability in PowerShell Script Handler
Vulnerability
A vulnerability allowing local privilege escalation has been identified in Mechrevo Control Center GX version 2.5.56.51.48. The issue arises in the PowerShell Script Handler component, where the application executes scripts from a user-modifiable directory without verifying their integrity. This flaw allows local users to alter the scripts and execute arbitrary code with high privileges, as the Control Center runs these scripts as the SYSTEM user.
Impact
Exploitation of this vulnerability allows local users to escalate privileges by executing arbitrary code as the SYSTEM user.
Reproduction
To reproduce this vulnerability, local access to a machine with Mechrevo Control Center GX version 2.5.56.51.48 is required. Once access is obtained, navigate to the directory 'C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command'. PowerShell command scripts stored in this directory can be modified. The Control Center will execute these scripts with high integrity privileges, as it runs them under the NT AUTHORITY\SYSTEM account. By tampering with the PowerShell files to include malicious code, local privilege escalation can be achieved.
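A defender can confirm whether an installation is exposed by auditing who is allowed to change the files in that directory. The script below is an added example, not code from the vendor or from the original advisory; the trusted-SID list and all variable names are assumptions to adjust for your environment.

```powershell
# Added example (not vendor code): list owners and ACEs that let non-administrative
# principals modify the scripts the Control Center runs as SYSTEM.
param(
    [string]$CommandDir = 'C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command'
)
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Principals expected to hold write access (assumption: default Windows set).
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing, replacing or re-permissioning a script,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask   = [int]$writeRights -bor 0x40000000 -bor 0x10000000

# Check the directory itself and everything beneath it.
$items = @(Get-Item -LiteralPath $CommandDir) +
         @(Get-ChildItem -LiteralPath $CommandDir -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName

    # An untrusted owner can rewrite the DACL, so report it as well.
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -notin $TrustedSids) {
        [pscustomobject]@{ Path = $item.FullName; Sid = $owner; Issue = 'Owner'; Inherited = $false }
    }

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }   # applies to children only
        if ($ace.IdentityReference.Value -in $TrustedSids) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Issue     = "Write access: $($ace.FileSystemRights)"
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No write access for untrusted principals under $CommandDir" }
```

Run it from an elevated prompt so every ACL can be read. On Windows PowerShell 5.1, save the file as UTF-8 with a BOM so the non-ASCII path is read correctly.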
