轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202604-00000014

[內容說明]
【達煬科技｜WinMatrix - Missing Authentication】(CVE-2026-6348，CVSS：8.8) 達煬科技開發之WinMatrix agent程式存在Missing Authentication漏洞，已通過身分鑑別之本機端攻擊者可於本機與該環境內所有安裝agent程式之主機上以系統權限執行任意程式碼。

[影響平台]
WinMatrix agent程式 3.5.13至3.5.26.15版本

[建議措施]
請更新agent程式至3.5.27.5(含)以後版本

[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000014

[Content Description]
【Simopro｜WinMatrix - Missing Authentication】(CVE-2026-6348, CVSS: 8.8)Simopro WinMatrix agent program contains a Missing Authentication vulnerability. An attacker who has successfully authenticated on the local machine can execute arbitrary code with system privileges on the local machine and all hosts in the environment where the agent program is installed.

[Affected Platforms]
WinMatrix agent program versions 3.5.13 to 3.5.26.15

[Recommended Actions]
Please update the agent program to version 3.5.27.5 or later.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html