CVE-2020-13553
First published: Wed Feb 17 2021(Updated: )
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess/SCADA | =9.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-13553?
CVE-2020-13553 is classified as a local privilege elevation vulnerability.
How do I fix CVE-2020-13553?
To fix CVE-2020-13553, update Advantech WebAccess/SCADA to a version greater than 9.0.1 that addresses this vulnerability.
Who is affected by CVE-2020-13553?
CVE-2020-13553 affects users of Advantech WebAccess/SCADA version 9.0.1.
What could an attacker do with CVE-2020-13553?
An attacker exploiting CVE-2020-13553 could replace binaries or loaded modules to execute arbitrary code.
Is CVE-2020-13553 a remote attack vector?
No, CVE-2020-13553 requires local access to exploit the privilege escalation vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advantech
- canonical/advantech webaccess/scada
- version/advantech webaccess/scada/9.0.1