PT-2021-9630 · Advantech · Advantech Webaccess/Scada

Yuri Kramarz · Published 2021-02-17 · Updated 2022-06-29 · CVE-2020-13552

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess/SCADA version 9.0.1

Description

A local privilege elevation issue exists in the file system permissions of the installation, allowing an attacker to escalate privileges via multiple service executables in the installation folder. This can enable the attacker to replace binaries or loaded modules, executing code with NT SYSTEM privilege.

Recommendations

For Advantech WebAccess/SCADA version 9.0.1, consider restricting access to the service executables in the installation folder to minimize the risk of exploitation. As a temporary workaround, limit the ability to replace or modify binaries and loaded modules within the installation directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
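
To check a host against the recommendation above, the following PowerShell audit (an added example, not vendor or advisory code) lists services whose executable, or the folder containing it, grants write-type rights to anyone other than SYSTEM, Administrators or TrustedInstaller. The install path is a placeholder, and that list of three trusted principals is an assumption to adjust for your environment.

```powershell
# Added example (not vendor code): list service binaries under an install root
# whose file or parent-folder ACL lets a non-administrative principal write.
param(
    # Assumption: placeholder; set to the real WebAccess/SCADA install folder.
    [string]$InstallRoot = 'C:\PLACEHOLDER-WebAccess-Install-Folder'
)

# Write-type bits only, so read/execute ACEs do not match.
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    # PathName may be quoted and carry arguments; keep the executable path only.
    if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') { continue }
    $exe = $Matches[1]
    if (-not $exe.StartsWith($InstallRoot, [System.StringComparison]::OrdinalIgnoreCase)) { continue }

    # A writable parent folder allows replacing the binary or planting a module.
    foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
        if (-not (Test-Path -LiteralPath $target)) { continue }
        $acl = Get-Acl -LiteralPath $target
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags -band $inheritOnly) { continue }  # not effective on this object
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (-not ($ace.FileSystemRights -band $writeBits)) { continue }
            [pscustomobject]@{
                Service = $svc.Name
                RunsAs  = $svc.StartName
                Target  = $target
                Sid     = $ace.IdentityReference.Value
                Rights  = $ace.FileSystemRights
            }
        }
    }
}
$findings | Sort-Object Target, Sid, Service -Unique | Format-Table -AutoSize -Wrap
```

An empty result means no service binary or containing folder under the given root is writable by a principal outside the trusted list; any row returned is an ACE to remove or tighten.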

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2020-13552

Affected Products

Advantech Webaccess/Scada