CVE-2024-38456 is a vulnerability in the Vivavis HIGH-LEIT Windows software, specifically versions V05.08.01.03 and from V04.25.00.00 up to 4.25.01.01. The root cause is insecure file and folder permissions assigned to prunsrv.exe, a service executable. This misconfiguration allows any regular (non-administrative) user with local access to exploit the weakness by modifying or replacing the executable or related files, thereby escalating their privileges to NT AUTHORITY\SYSTEM. This level of privilege escalation enables the attacker to execute arbitrary code with the highest system privileges, compromising confidentiality, integrity, and availability of the affected system. The vulnerability is categorized under CWE-732, indicating improper permission assignment on critical resources. The CVSS v3.1 base score is 7.8, reflecting high severity due to local attack vector, low attack complexity, required privileges of low (non-admin), no user interaction, and full impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the vulnerability poses a significant risk in environments where the affected software is used, often in industrial control or building automation contexts. The lack of currently available patches necessitates immediate mitigation efforts to reduce exposure.

The vulnerability allows local non-privileged users to escalate their privileges to SYSTEM level, effectively gaining full control over the affected Windows system running the vulnerable Vivavis HIGH-LEIT software. This can lead to complete compromise of the system, including unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of service availability. For organizations relying on these systems, particularly in industrial automation or building management, this could result in operational downtime, safety risks, and potential regulatory non-compliance. The ability to execute arbitrary code at SYSTEM level means attackers can bypass most security controls, making containment and remediation more difficult. Although exploitation requires local access, insider threats or attackers who have gained initial footholds could leverage this vulnerability to escalate privileges and move laterally within networks, increasing the overall risk footprint.

1. Immediately audit and restrict file and folder permissions related to prunsrv.exe and associated directories to ensure only trusted administrative accounts have write access. 2. Implement strict local user account controls and limit the number of users with local access to affected systems. 3. Monitor system logs and file integrity for unauthorized changes to prunsrv.exe or related files. 4. Deploy endpoint detection and response (EDR) tools capable of detecting privilege escalation attempts and anomalous process executions. 5. Apply vendor patches or updates as soon as they become available; maintain close communication with Vivavis for patch release notifications. 6. Use application whitelisting to prevent unauthorized executables from running. 7. Segment networks to limit local access to critical systems running HIGH-LEIT software. 8. Conduct regular security awareness training for personnel with local system access to reduce insider threat risks. 9. Consider implementing least privilege principles and multi-factor authentication for administrative access to reduce the risk of credential compromise.