{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37235?format=json","vulnerability_id":"VCID-hhwy-abrj-akea","summary":"HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\\SYSTEM.","aliases":[{"alias":"CVE-2024-38456"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38456","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24398","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24588","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24603","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24592","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38456"},{"reference_url":"https://www.vivavis.com/en/solution/scada-en/high-leit/","reference_id":"high-leit","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T19:15:11Z/"}],"url":"https://www.vivavis.com/en/solution/scada-en/high-leit/"},{"reference_url":"https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001/","reference_id":"schutzwerk-sa-2024-001","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T19:15:11Z/"}],"url":"https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001/"},{"reference_url":"https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456/","reference_id":"vivavis-high-leit-rce-vulnerability-cve-2024-38456","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T19:15:11Z/"}],"url":"https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456/"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.8 - 7.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhwy-abrj-akea"}