CVE-2021-35312

HIGH

CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35312. PoCs published by Andrea Intilangelo.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Amica Prodigy 1.7 due to incorrect permissions on 'RemoteBackup.Service.exe', allowing local users to replace it with a malicious file executed as LocalSystem.

Description

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.

Exploits (1)

exploitdb WORKING POC
by Andrea Intilangelo · textlocalwindows
https://www.exploit-db.com/exploits/50184

This exploit demonstrates a privilege escalation vulnerability in Amica Prodigy 1.7 due to incorrect permissions on 'RemoteBackup.Service.exe', allowing local users to replace it with a malicious file executed as LocalSystem.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Amica Prodigy 1.7
Auth required
Prerequisites: Local access to the system · Authenticated user privileges
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/163744/Amica-Prodigy-1.7-Privilege-Escalation.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/163744/Amica-Prodigy-1.7-Privilege-Escalation.html

Scores

CVSS v3 7.8
EPSS 0.0113
EPSS Percentile 62.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
gestionaleamica/amica_prodigy 1.7
Published Aug 06, 2021
Tracked Since Feb 18, 2026