The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the Everyone group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.