The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
Credits
@rgod777, working with Trend Micro Zero Day Initiative, reported this vulnerability to CISA.
