CVE-2020-13554
First published: Wed Mar 03 2021(Updated: )
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess/SCADA | =9.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-13554?
CVE-2020-13554 has been classified as a high severity local privilege elevation vulnerability.
How do I fix CVE-2020-13554?
To fix CVE-2020-13554, upgrade Advantech WebAccess/SCADA to the latest version or apply any available security patches.
What types of systems are affected by CVE-2020-13554?
CVE-2020-13554 specifically affects Advantech WebAccess/SCADA version 9.0.1.
What can an attacker do to exploit CVE-2020-13554?
An attacker can exploit CVE-2020-13554 by replacing binaries or loaded modules to execute arbitrary code with elevated privileges.
Is CVE-2020-13554 a remote or local vulnerability?
CVE-2020-13554 is a local vulnerability, requiring access to the affected system to exploit.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advantech
- canonical/advantech webaccess/scada
- version/advantech webaccess/scada/9.0.1