EIP-2026-116945

PRE-CVE

Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116945. PoCs published by LiquidWorm.

AI-analyzed exploit summary The writeup describes an unquoted search path vulnerability in Certec EDV atvise SCADA server 2.5.9, which could allow local privilege escalation. The issue affects the 'atserver' service on Windows, potentially enabling arbitrary code execution with elevated privileges if an attacker can insert code in the system root path.

Description

Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/39786

View Code ZIP pw:eip

The writeup describes an unquoted search path vulnerability in Certec EDV atvise SCADA server 2.5.9, which could allow local privilege escalation. The issue affects the 'atserver' service on Windows, potentially enabling arbitrary code execution with elevated privileges if an attacker can insert code in the system root path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Certec EDV atvise SCADA server 2.5.9

Auth required

Prerequisites: Local access to the system · Ability to insert executable code in the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026