Permissions, Privileges, and Access Controls in WebAccess Scada Node - CVE-2020-16202
Published: September 21, 2020
Vulnerability identifier: #VU46825
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-16202
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Advantech Co., Ltd
Affected software:
WebAccess Scada Node
WebAccess Scada Node
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected product has incorrect permissions set for resources used by specific services, which leads to code execution with system privileges.
How to mitigate CVE-2020-16202
Install updates from vendor's website.