CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

CVSS v3 8.8 HIGH
CVSS v2.0 7.2 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:webaccess\/scada:9.0.1:*:*:*:*:*:*:*

History

19 Apr 2022, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-276

19 Feb 2021, 18:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 8.8
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 - Exploit, Technical Description, Third Party Advisory
CPE		cpe:2.3:a:advantech:webaccess\/scada:9.0.1:::::::*
CWE		CWE-269

17 Feb 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-02-17 19:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-13551

Mitre link : CVE-2020-13551

CVE.ORG link : CVE-2020-13551

JSON object : View

Products Affected

advantech

webaccess\/scada

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2020-13551", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2021-02-17T19:15:12.387", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios local explotable en los permisos del sistema de archivos de la instalaci\u00f3n de Advantech WebAccess/SCADA versi\u00f3n 9.0.1. En la escalada de privilegios a trav\u00e9s del ejecutable PostgreSQL, un atacante puede reemplazar m\u00f3dulos binarios o cargados para ejecutar c\u00f3digo con privilegios NT SYSTEM"}], "lastModified": "2022-06-29T20:31:41.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:webaccess\\/scada:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E681B46-0DAF-40E9-B6EF-3FE30887B6F8"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}