#VU46825 Permissions, Privileges, and Access Controls in WebAccess Scada Node - CVE-2020-16202
Published: September 21, 2020
Vulnerability identifier: #VU46825
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-16202
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
WebAccess Scada Node
WebAccess Scada Node
Software vendor:
Advantech Co., Ltd
Advantech Co., Ltd
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected product has incorrect permissions set for resources used by specific services, which leads to code execution with system privileges.
Remediation
Install updates from vendor's website.