PT-2020-15500 · Microsoft+1 · Windows+1
Anand Murugan
+1
·
Published
2020-08-14
·
Updated
2020-08-21
·
CVE-2020-22722
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rapid Software LLC Rapid SCADA version 5.8.0
Description
The issue allows for local privilege escalation due to a vulnerability in the ScadaAgentSvc.exe executable file. An attacker can gain admin privileges by placing a malicious .exe file in the application, renaming it ScadaAgentSvc.exe, and executing it as NT AUTHORITYSYSTEM in a Windows operating system. This could enable an attacker to plant a reverse shell from a low-privileged user account, gaining full system access to the remote PC upon restarting the computer.
Recommendations
For Rapid Software LLC Rapid SCADA version 5.8.0, consider removing or restricting access to the ScadaAgentSvc.exe executable file until a patch is available. As a temporary workaround, monitor system restarts and manually verify the integrity of the ScadaAgentSvc.exe file to prevent malicious execution.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rapid Scada
Windows