UTIMACO has been made aware of a vulnerability affecting the Windows installations of several product packages. When installing product packages of the Affected Products, using the Windows installer shipped on the product CD, incorrect folder permissions are configured. Also, the PIN Pad Daemon “PPD” is configured to run under LocalSystem account. Both could allow for an attacker to escalate Windows privileges from a standard “Authenticated User” to that of an Administrator or SYSTEM. Please consult CVE-2020-26155 Security Advisory to find out how to prevent possible security threats effectively.
Thanks to Richard Davy from ECSC (www.ecsc.co.uk) for the responsible disclosure and his valuable input for mitigation of this vulnerability.