Filtered by vendor Megatec
Subscriptions
Filtered by product Upsilon2000
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66269 | 1 Megatec | 1 Upsilon2000 | 2025-11-27 | N/A |
| The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables live in | ||||
| CVE-2025-66266 | 1 Megatec | 1 Upsilon2000 | 2025-11-27 | N/A |
| The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation | ||||
Page 1 of 1.