CVE-2020-13552
First published: Wed Feb 17 2021(Updated: )
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess/SCADA | =9.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-13552?
CVE-2020-13552 has a high severity level due to its potential for local privilege escalation.
How do I fix CVE-2020-13552?
To fix CVE-2020-13552, it is recommended to update Advantech WebAccess/SCADA to a version that addresses this vulnerability.
What kind of attack can be facilitated by CVE-2020-13552?
CVE-2020-13552 can be exploited to perform local privilege escalation, allowing unauthorized actions within the system.
Which versions of Advantech WebAccess/SCADA are affected by CVE-2020-13552?
CVE-2020-13552 specifically affects Advantech WebAccess/SCADA version 9.0.1.
Is CVE-2020-13552 a remote or local vulnerability?
CVE-2020-13552 is a local vulnerability that requires access to the target system to exploit.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advantech
- canonical/advantech webaccess/scada
- version/advantech webaccess/scada/9.0.1