PT-2021-9629 · Advantech · Advantech Webaccess/Scada

Published: 2021-02-17 · Updated: 2022-06-29 · CVE-2020-13551

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess/SCADA version 9.0.1

Description

A local privilege escalation issue exists in the file system permissions of the installation. An attacker can escalate privileges via the PostgreSQL executable by replacing either the binary or the modules it loads, which results in code execution with NT SYSTEM privilege.

Recommendations

For Advantech WebAccess/SCADA version 9.0.1, consider restricting access to the PostgreSQL executable as a temporary workaround until a patch is available. Additionally, review the file system permissions to prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
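
One way to carry out the permission review recommended above is sketched below. This is an added example, not part of the advisory or vendor tooling. The advisory does not state where PostgreSQL is installed, so the path is a required parameter. The list of trusted SIDs and the optional `-ExtraTrustedSid` parameter (for example, the account the database service runs as) are assumptions to adjust per site.

```powershell
# Added example: list ACL entries that let non-administrative principals
# replace or plant executables and modules under a PostgreSQL install tree.
param(
    # Placeholder: the advisory does not give the install location.
    [Parameter(Mandatory)] [string] $PostgresRoot,
    # Assumption: extra SIDs that are allowed to write (e.g. a service account).
    [string[]] $ExtraTrustedSid = @()
)

$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
) + $ExtraTrustedSid

# Only write-type bits: masking with Modify/FullControl would also match read-only ACEs.
# 0x40000000 / 0x10000000 are GENERIC_WRITE / GENERIC_ALL, seen in inherit-only ACEs.
$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
              $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
              $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# Directories matter as well as files: create-file rights allow module planting.
$targets = @(Get-Item -LiteralPath $PostgresRoot) +
           @(Get-ChildItem -LiteralPath $PostgresRoot -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll' })

$sidType  = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs directly so localized or unresolvable account names do not matter.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.IdentityReference.Value -in $trusted) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit so a scheduled check can alert
```

Entries marked as inherited point at a parent directory whose ACL needs fixing; correcting only the leaf file leaves the rest of the tree exposed.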

Exploit

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

CVE-2020-13551

Affected Products

Advantech Webaccess/Scada