Operation Technology ETAP 14.1.0 Local Privilege Escalation

Advisory ID: ZSL-2016-5323
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 22.05.2016
Enterprise Software Solution for Electrical Power Systems. ETAP is the most comprehensive electrical engineering software platform for the design, simulation, operation, and automation of generation, transmission, distribution, and industrial systems. As a fully integrated model-driven enterprise solution, ETAP extends from modeling to operation to offer a Real-Time Power Management System.
ETAP suffers from an elevation of privileges vulnerability: a simple authenticated user can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) for the 'Authenticated Users' group.
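A defensive check for the condition described above, added here as an example and not part of the original advisory or the vendor's code: a PowerShell audit that lists executables and DLLs whose ACL grants write-capable rights to broad groups. The function name, the SID table and the constructed temp directory with `sample.exe` are assumptions; point `-Path` at the real install directory, which the advisory does not state.

```powershell
# Added example (not from the advisory). Requires PowerShell 3.0 or later.
# Well-known SIDs are used so the check is locale-independent.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that let a principal alter or replace a file. The cacls 'C' (Change)
# flag corresponds to Modify, which includes WriteData and Delete.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Find-WeakExecutableAcl {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $file  = $_
        $acl   = Get-Acl -LiteralPath $file.FullName
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            $hit = [int]($ace.FileSystemRights -band $WriteMask) -ne 0
            if ($hit -and $ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    File      = $file.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Constructed demo: a temp directory stands in for an install folder.
$demo = Join-Path $env:TEMP 'acl-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$exe = Join-Path $demo 'sample.exe'
Set-Content -LiteralPath $exe -Value 'placeholder'
$authUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($authUsers, 'Modify', 'Allow')
$acl = Get-Acl -LiteralPath $exe
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $exe -AclObject $acl
Find-WeakExecutableAcl -Path $demo | Format-Table -AutoSize   # lists sample.exe
Remove-Item -LiteralPath $demo -Recurse -Force
```

Rows with `Inherited` set to `True` point to a parent folder ACL as the place to correct the grant, rather than the individual file.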
Operation Technology, Inc. - http://www.etap.com
Affected Version
Tested On
Microsoft Windows 7 Professional SP1 (EN) x86_64
Microsoft Windows 7 Ultimate SP1 (EN) x86_64
Vendor Status
[07.04.2016] Vulnerabilities discovered.
[11.04.2016] Vendor contacted.
[21.05.2016] No response from the vendor.
[22.05.2016] Public security advisory released.
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
[1] https://cxsecurity.com/issue/WLB-2016050108
[2] https://www.exploit-db.com/exploits/39845/
[3] https://packetstormsecurity.com/files/137144
[4] http://www.vfocus.net/art/20160524/12703.html
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/113435
[22.05.2016] - Initial release
[23.05.2016] - Added reference [1], [2] and [3]
[25.05.2016] - Added reference [4]
[27.05.2016] - Added reference [5]
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk