PT-2018-10744 · Abb · Abb Microscada
Fritz Sands · Published 2017-08-18 · Updated 2023-05-16 · CVE-2018-1168
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ABB MicroSCADA versions 9.3 with FP 1-2-3
Description
This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this issue to escalate privileges to SYSTEM.
Recommendations
For ABB MicroSCADA versions 9.3 with FP 1-2-3, consider restricting access to the critical files that are left open to manipulation by any authenticated user until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.
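To find which installed files are affected before restricting access, the following PowerShell audit lists allow-ACEs that give broad groups write, delete or ACL-change rights under an installation directory. It is an added example, not code from this advisory or from ABB; the function name `Find-BroadWriteAce` is hypothetical, and the install path is a placeholder because the page does not state it.

```powershell
# Added example (not vendor code): list ACEs that let broad groups modify files.
# Well-known SIDs are used so the check also works on localized Windows builds.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing content, deleting/replacing files, or rewriting the ACL,
# plus the GENERIC_WRITE / GENERIC_ALL bits that can appear on inherit-only ACEs.
$WriteMask = ([int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x40000000 -bor 0x10000000

function Find-BroadWriteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$InstallRoot)

    # Include the root itself: a weak ACL there is inherited by everything below.
    $items = @(Get-Item -LiteralPath $InstallRoot -Force) +
             @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { continue }   # account name could not be resolved to a SID
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Placeholder path: the advisory does not state the install directory.
Find-BroadWriteAce -InstallRoot '<MicroSCADA install directory>' |
    Sort-Object Path | Format-Table -AutoSize
```

Rows with `Inherited = True` are fixed at the parent directory that defines the ACE rather than file by file.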
Fix
Incorrect Permission
Improper Access Control
Related Identifiers
Affected Products
Abb Microscada