Panoramic Corporation Digital Imaging Software

Monitor | CVSS 7.8 | ICS-CERT ICSMA-25-198-01 | Jul 17, 2025
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Panoramic Corporation Digital Imaging Software version 9.1.2.7600 contains a privilege escalation vulnerability in an SDK component owned by Oy Ajat Ltd that is no longer supported. A standard user with local access to the system could exploit this vulnerability to obtain NT AUTHORITY\SYSTEM privileges, allowing them to execute commands with the highest privilege level on the system.

What this means
What could happen
A user with local access to a computer running this imaging software could gain full administrative control of that system, potentially allowing them to modify process data, alter system configuration, or install malicious software.
Who's at risk
Organizations using Panoramic Corporation Digital Imaging Software 9.1.2.7600 should be concerned, particularly those in utilities, manufacturing, or labs where this imaging software is used for system monitoring or documentation. The risk is highest for systems where untrusted users may have local access or where the software runs on computers also accessible to operational staff.
How it could be exploited
An attacker with local user access to a system running the vulnerable software can exploit a flaw in the unsupported SDK component to escalate their privileges to SYSTEM level. This requires the attacker to first gain local login access to the machine (not remote).
Prerequisites
  • Local user account on the system running Digital Imaging Software 9.1.2.7600
  • Ability to execute code or interact with the application as a standard user
local privilege escalation, no patch available, unsupported third-party component, affects Windows systems
Exploitability
Some exploitation risk — EPSS score 3.6%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
Digital Imaging Software: 9.1.2.7600 | 9.1.2.7600 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local access to systems running Digital Imaging Software 9.1.2.7600 to trusted personnel only; implement access controls to prevent unauthorized user accounts from being created
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Segregate systems running this software from business and operational networks using firewalls and network segmentation
HARDENING: Implement Windows-level privilege controls and monitoring (e.g., Group Policy, Windows Defender Application Control) to limit what standard users can execute
HARDENING: Monitor for suspicious privilege escalation attempts on systems running Digital Imaging Software; log and alert on failed and successful SYSTEM-level operations
Long-term hardening
WORKAROUND: Evaluate replacement of Digital Imaging Software 9.1.2.7600 with a vendor-supported alternative or current version from Panoramic Corporation