CVE-2021-21912

Vulnerability

The vulnerability exists in the Windows installation of Advantech R-SeeNet version 2.4.15 (30.07.2021). The Apache2.2 service binary file located in the C:\R-SeeNet directory has incorrect default permissions, allowing the "Authenticated Users" group to have "Full/Change" privileges over the executable. This service runs with NT SYSTEM authority. [1]

Exploitation

An attacker with local authenticated access (any user in the Authenticated Users group) can replace the Apache2.2 service executable with a malicious file. The attacker does not need administrative privileges. After replacement, the attacker must restart the service (or wait for a system restart) to trigger execution of the malicious binary with NT SYSTEM privileges. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary code with NT SYSTEM authority, the highest privilege level on Windows. This leads to full compromise of the system, including complete control over confidentiality, integrity, and availability. [1]

Mitigation

Advantech has not released a patch as of the publication date (2021-12-22). Users should restrict permissions on the C:\R-SeeNet directory to prevent unauthorized modifications, or monitor for unauthorized file changes. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing. [1]