CVE-2020-13552

Published: Feb 17, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Affected (1)

Products: Advantech: Webaccess/scada

1 product

Webaccess/scada

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech Webaccess/scada	Version 9.0.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.