CVE-2025-7344

EAI · EAI Multiple Products

A high-severity vulnerability has been identified in multiple EAI products developed by Digiwin.

Executive summary

A high-severity vulnerability has been identified in multiple EAI products developed by Digiwin. This flaw allows a remote attacker with basic user credentials to easily gain full administrative control over the affected system. Successful exploitation could lead to significant data breaches, operational disruption, and unauthorized system modifications.

Vulnerability

The vulnerability is a privilege escalation flaw within a specific Application Programming Interface (API) of the EAI software. A remote attacker who has already authenticated with regular, low-level user privileges can exploit this flaw by sending a specially crafted request to the vulnerable API endpoint. Successful exploitation results in the attacker's account being granted administrator-level permissions, bypassing normal security controls and providing complete control over the application.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could lead to unauthorized access to sensitive business data, modification or deletion of critical information, and disruption of business processes that rely on the EAI system. An attacker with administrator access could create rogue admin accounts, install malicious software, or use the compromised system as a pivot point to attack other internal network resources, posing a significant risk to data confidentiality, integrity, and availability.

Remediation

Immediate Action: Apply the security patches provided by the vendor (Digiwin) to bring all affected EAI instances to a non-vulnerable version. After updating, conduct a thorough review of all user accounts and permissions to confirm that the principle of least privilege is enforced and to identify any unauthorized or overly permissive accounts.

Proactive Monitoring: Monitor application and web server logs for unusual or anomalous API calls, particularly those related to user management or permission changes. Implement alerting for any attempts by non-administrative users to access administrative API endpoints. Scrutinize audit logs for unexpected privilege escalations or the creation of new administrative accounts.
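The two defensive steps above (auditing accounts for unexpected administrators, and alerting on non-administrative users touching administrative API endpoints or on unexpected privilege changes) can be reduced to a small log-review script. The following is an added example written for this advisory; it is not Digiwin's code and does not reflect the real EAI API. The JSON log layout, the field names, the role names and the endpoint paths (`/api/admin/...`) are all assumptions standing in for the vulnerable endpoint the advisory does not name, and the log lines are constructed for illustration.

```python
"""Detection sketch for admin-API privilege-escalation attempts.

Added example for this advisory. The log format, field names, role names and
endpoint paths below are assumptions (placeholders for the real EAI routes),
and SAMPLE_LOG is constructed, not captured from a real system.
"""
import json

# Assumed conventions: admin-only routes share a prefix, and a known subset of
# them changes user roles or creates accounts. Adapt to the real application.
ADMIN_PREFIX = "/api/admin/"
PERMISSION_ENDPOINTS = {"/api/admin/users/role", "/api/admin/users/create"}
ADMIN_ROLES = {"admin"}

# Constructed sample: one JSON object per request, plus one malformed line to
# show that the parser skips garbage instead of aborting the review.
SAMPLE_LOG = """\
{"ts":"2025-07-20T09:00:01Z","user":"alice","role":"user","method":"GET","path":"/api/orders","status":200,"src_ip":"10.1.2.3"}
{"ts":"2025-07-20T09:00:05Z","user":"bob","role":"admin","method":"POST","path":"/api/admin/users/role","status":200,"src_ip":"10.0.0.10","target":"carol","new_role":"user"}
this line is not JSON and must be skipped
{"ts":"2025-07-20T09:01:10Z","user":"alice","role":"user","method":"POST","path":"/api/admin/users/role","status":200,"src_ip":"10.1.2.3","target":"alice","new_role":"admin"}
{"ts":"2025-07-20T09:02:00Z","user":"alice","role":"admin","method":"POST","path":"/api/admin/users/create","status":200,"src_ip":"10.1.2.3","target":"svc-backup","new_role":"admin"}
{"ts":"2025-07-20T09:03:00Z","user":"dave","role":"user","method":"GET","path":"/api/admin/settings","status":403,"src_ip":"10.1.2.9"}
"""


def parse_log(text):
    """Parse newline-delimited JSON; malformed lines are dropped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect(events):
    """Return a list of alert dicts, in log order."""
    alerts = []
    last_role = {}  # user -> role seen on that user's previous request

    for ev in events:
        user = ev.get("user")
        role = ev.get("role")
        path = ev.get("path", "")
        status = ev.get("status")
        ts = ev.get("ts")

        # Rule 1: a non-admin principal reaching an admin endpoint. A 403 is
        # still worth a medium alert (an attempt); a 200 means the control
        # did not hold and is rated high.
        if path.startswith(ADMIN_PREFIX) and role not in ADMIN_ROLES:
            alerts.append({"rule": "nonadmin_admin_api", "user": user, "path": path,
                           "ts": ts, "severity": "high" if status == 200 else "medium"})

        # Rule 2: an admin role was granted. Critical when the actor granted it
        # to themselves or was not an admin; otherwise medium, for review of
        # every newly created administrative account.
        if path in PERMISSION_ENDPOINTS and status == 200 and ev.get("new_role") in ADMIN_ROLES:
            suspicious = ev.get("target") == user or role not in ADMIN_ROLES
            alerts.append({"rule": "admin_granted", "user": user, "target": ev.get("target"),
                           "ts": ts, "severity": "critical" if suspicious else "medium"})

        # Rule 3: role drift. The same user was non-admin on an earlier request
        # and is admin now; useful even when the vulnerable route is unknown.
        prev = last_role.get(user)
        if prev is not None and prev not in ADMIN_ROLES and role in ADMIN_ROLES:
            alerts.append({"rule": "role_escalated", "user": user, "from": prev,
                           "to": role, "ts": ts, "severity": "high"})
        last_role[user] = role

    return alerts


def review_admin_accounts(accounts, approved_admins):
    """Post-patch account review: admins not on the approved list.

    accounts maps username -> current role; approved_admins is the set of
    usernames that are expected to hold an admin role.
    """
    return {u for u, r in accounts.items() if r in ADMIN_ROLES and u not in approved_admins}


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(json.dumps(alert))
    # Constructed account snapshot for the review step.
    snapshot = {"alice": "admin", "bob": "admin", "carol": "user", "svc-backup": "admin"}
    print("unexpected admins:", sorted(review_admin_accounts(snapshot, {"bob"})))
```

Rule 3 is the one to keep even if the real endpoint is never identified: it needs only the per-request role that most application logs already carry, so it fires on the outcome of the escalation rather than on the request that caused it.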

Compensating Controls: If immediate patching is not feasible, restrict network access to the vulnerable API endpoints to only trusted administrative IP addresses using a Web Application Firewall (WAF) or network firewall rules. Enhance monitoring on all accounts with access to the EAI system to detect any suspicious activity or unauthorized changes.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity (CVSS 8.8) of this vulnerability and the potential for complete system compromise, immediate remediation is critical. We strongly recommend that all affected EAI products be patched without delay. While this vulnerability is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion. Organizations should prioritize patching and verify the successful application of the update.