Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.
PUBLISHED5.2CWE-276CWE-250CWE-732
Local Privilege Escalation Due to Writable Executable in Privileged Visionline Service Path
Problem type
- CWE-276 Incorrect Default Permissions
- CWE-250: Execution with Unnecessary Privileges
- CWE-732: Incorrect Permission Assignment for Critical Resource
Affected products
ASSA ABLOY
Visionline
< 1.33 - AFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-3315Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-3315",
"assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"assignerShortName": "NCSC-FI",
"dateUpdated": "2026-03-10T09:35:42.236Z",
"dateReserved": "2026-02-27T06:40:06.038Z",
"datePublished": "2026-03-10T09:35:42.236Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"shortName": "NCSC-FI",
"dateUpdated": "2026-03-10T09:35:42.236Z"
},
"datePublic": "2026-03-10T00:00:00.000Z",
"title": "Local Privilege Escalation Due to Writable Executable in Privileged Visionline Service Path",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.<p>This issue affects Visionline: from 1.0 before 1.33.</p>"
}
]
}
],
"affected": [
{
"vendor": "ASSA ABLOY",
"product": "Visionline",
"platforms": [
"Windows"
],
"defaultStatus": "unaffected",
"versions": [
{
"version": "1.0",
"status": "affected",
"versionType": "custom",
"lessThan": "1.33"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "CWE-250: Execution with Unnecessary Privileges",
"cweId": "CWE-250",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://https://www.vingcard.com/en/service-and-support/product-security-center"
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"workarounds": [
{
"lang": "en",
"value": "* Right-click on the folder C:\\ProgramData\\ASSA ABLOY\\Visionline\\webserver\n * Select Properties\n * Select the Security tab\n * Click Advanced\n * Click Disable inheritance\n * Select Convert inherited permissions into explicit permissions on this object\n * Remove Users from the list",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<div><p></p><ol><li>Right-click on the folder C:\\ProgramData\\ASSA ABLOY\\Visionline\\webserver</li><li>Select Properties</li><li>Select the Security tab</li><li>Click Advanced</li><li>Click Disable inheritance</li><li>Select Convert inherited permissions into explicit permissions on this object</li><li>Remove Users from the list</li></ol><p></p></div>"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Withsecure Exposure Management",
"type": "reporter"
}
]
}
}
}