PT-2021-9631 · Advantech · Advantech Webaccess/Scada

Published

2021-02-17

Updated

2022-06-29

CVE-2020-13553

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/SCADA version 9.0.1

Description A local privilege elevation issue exists in the file system permissions of the installation, allowing an attacker to execute code with NT SYSTEM privilege by replacing binary or loaded modules in the webvrpcs Run Key Privilege Escalation within the installation folder.

Recommendations For Advantech WebAccess/SCADA version 9.0.1, consider restricting access to the webvrpcs Run Key Privilege Escalation in the installation folder to minimize the risk of exploitation. As a temporary workaround, limit the ability to replace binary or loaded modules until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2020-13553

Affected Products

Advantech Webaccess/Scada

PT-2021-9631 · Advantech · Advantech Webaccess/Scada

CVE-2020-13553

Weakness Enumeration

Related Identifiers

Affected Products

References · 5