Panoramic Corporation Digital Imaging Software

Monitor7.8ICS-CERT ICSMA-25-198-01Jul 17, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Panoramic Digital Imaging Software version 9.1.2.7600 contains a privilege escalation vulnerability in an unsupported SDK component from Oy Ajat Ltd. A standard user account on a local machine can exploit this vulnerability to gain NT Authority/SYSTEM privileges. Panoramic Corporation is not the owner of the vulnerable component and has not provided mitigation guidance. The software vendor states the affected component is no longer supported and no fix is available.

What this means

What could happen

A user with a standard account on a machine running Panoramic Digital Imaging Software could gain full system-level (SYSTEM) privileges, potentially allowing them to alter imaging data, install backdoors, or interfere with any process that depends on this software.

Who's at risk

Water and municipal electric utilities using Panoramic Digital Imaging Software for SCADA visualization, reporting, or asset documentation. This affects any organization where standard users (operators, technicians, administrative staff) have access to machines running version 9.1.2.7600, particularly if those machines also handle sensitive process data or control system functions.

How it could be exploited

An attacker with a standard user account on the local machine can exploit a vulnerability in the bundled SDK component to escalate privileges to SYSTEM level. This requires local access; the vulnerability cannot be exploited remotely over the network.

Prerequisites

Local user account on the machine running Panoramic Digital Imaging Software 9.1.2.7600
Standard user privileges (not requiring administrator credentials to trigger)

No patch availablePrivilege escalation to SYSTEM levelLocal access required but standard user privileges sufficientThird-party SDK component no longer supported by vendor

Exploitability

Moderate exploit probability (EPSS 3.6%)

Affected products (1)

ProductAffected VersionsFix Status

Digital Imaging Software: 9.1.2.76009.1.2.7600No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate machines running Panoramic Digital Imaging Software 9.1.2.7600 from the business network and restrict physical access to prevent unauthorized local user access

HARDENINGImplement strict access controls and account management to limit the number of standard user accounts on machines running this software

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Panoramic Corporation support to inquire about alternative products or upgrade paths, as the current version uses an unsupported SDK component with no planned fix

Mitigations - no patch available

0/1

Digital Imaging Software: 9.1.2.7600 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGDeploy host-based monitoring on machines running this software to detect privilege escalation attempts

CVEs (1)

CVE-2024-22774

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ba3b717b-8f44-441a-88d9-5e33a0f0a2fa