PT-2021-2348 · Advantech · Advantech Webaccess/Scada

Yuri Kramarz · Published 2021-02-16 · Updated 2022-09-30 · CVE-2020-13554

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA version 9.0.1

Description: A local privilege elevation issue exists in the file system permissions of the installation, specifically in the webvrpcs Run Key Privilege Escalation. It allows an attacker to replace the binary or loaded modules and execute code with NT SYSTEM privilege. The vulnerability is related to insecure privilege management in the webvrpcs component.

Recommendations: For Advantech WebAccess/SCADA version 9.0.1, consider restricting access to the installation folder affected by the webvrpcs Run Key Privilege Escalation issue to minimize the risk of exploitation. As a temporary workaround, disabling the execution of code with NT SYSTEM privilege may help until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Privilege Management; Incorrect Default Permissions

Related Identifiers: BDU:2021-01586, CVE-2020-13554

Affected Products: Advantech Webaccess/Scada