CVE-2023-31468

HIGH

Inosoft VisiWin <2022-2.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31468. PoCs published by shinnai.

AI-analyzed exploit summary This exploit details insecure folder permissions in Inosoft VisiWin 7 up to version 2022-2.1, where the installation directory and critical executables (e.g., VisiWin7.Server.Manager.exe) are writable by the 'Everyone' group, allowing privilege escalation via file manipulation.

Description

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.

Exploits (1)

exploitdb WRITEUP
by shinnai · textlocalwindows
https://www.exploit-db.com/exploits/51682

This exploit details insecure folder permissions in Inosoft VisiWin 7 up to version 2022-2.1, where the installation directory and critical executables (e.g., VisiWin7.Server.Manager.exe) are writable by the 'Everyone' group, allowing privilege escalation via file manipulation.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Inosoft VisiWin 7 up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)
No auth needed
Prerequisites: Local access to the system · Inosoft VisiWin 7 installed with default permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 26.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-276
Status published
Products (1)
inosoft/visiwin_7 < 2022-2.1
Published Sep 11, 2023
Tracked Since Feb 18, 2026