Details of VAR-202103-0009

ID

VAR-202103-0009

CVE

CVE-2020-13554

TITLE

Advantech WebAccess/SCADA Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016164

DESCRIPTION

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Advantech WebAccess/SCADA Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment

Trust: 2.25

sources: NVD: CVE-2020-13554 // JVNDB: JVNDB-2020-016164 // CNVD: CNVD-2021-11307 // VULHUB: VHN-166344

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-11307

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess\/scada	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	アドバンテック株式会社	model:	webaccess/scada	scope:	eq	version:	9.0.1	Trust: 0.8
vendor:	アドバンテック株式会社	model:	webaccess/scada	scope:	eq	version:	-	Trust: 0.8
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	9.0.1	Trust: 0.6

sources: CNVD: CNVD-2021-11307 // JVNDB: JVNDB-2020-016164 // NVD: CVE-2020-13554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-13554
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2020-13554
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-13554
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-11307
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202102-1264
value:	HIGH
Trust: 0.6
VULHUB:	VHN-166344
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-13554
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-11307
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-166344
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-13554
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2020-13554
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2020-13554
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-11307 // VULHUB: VHN-166344 // JVNDB: JVNDB-2020-016164 // CNNVD: CNNVD-202102-1264 // NVD: CVE-2020-13554 // NVD: CVE-2020-13554

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-166344 // JVNDB: JVNDB-2020-016164 // NVD: CVE-2020-13554

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1264

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1264

PATCH

title:	WebAccess/SCADA	url:	https://www.advantech.tw/support/details/installation?id=1-MS9MJV	Trust: 0.8
title:	Multiple Advantech Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143433	Trust: 0.6

sources: JVNDB: JVNDB-2020-016164 // CNNVD: CNNVD-202102-1264

EXTERNAL IDS

db:	TALOS	id:	TALOS-2020-1169	Trust: 3.1
db:	NVD	id:	CVE-2020-13554	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-016164	Trust: 0.8
db:	CNVD	id:	CNVD-2021-11307	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1264	Trust: 0.6
db:	VULHUB	id:	VHN-166344	Trust: 0.1

sources: CNVD: CNVD-2021-11307 // VULHUB: VHN-166344 // JVNDB: JVNDB-2020-016164 // CNNVD: CNNVD-202102-1264 // NVD: CVE-2020-13554

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2020-1169	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13554	Trust: 1.4

sources: CNVD: CNVD-2021-11307 // VULHUB: VHN-166344 // JVNDB: JVNDB-2020-016164 // CNNVD: CNNVD-202102-1264 // NVD: CVE-2020-13554

CREDITS

Discovered by Yuri Kramarz of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202102-1264

SOURCES

db:	CNVD	id:	CNVD-2021-11307
db:	VULHUB	id:	VHN-166344
db:	JVNDB	id:	JVNDB-2020-016164
db:	CNNVD	id:	CNNVD-202102-1264
db:	NVD	id:	CVE-2020-13554

LAST UPDATE DATE

2024-11-23T22:40:46.743000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-11307	date:	2021-02-23T00:00:00
db:	VULHUB	id:	VHN-166344	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-016164	date:	2021-11-11T08:23:00
db:	CNNVD	id:	CNNVD-202102-1264	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2020-13554	date:	2024-11-21T05:01:29.170

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-11307	date:	2021-02-22T00:00:00
db:	VULHUB	id:	VHN-166344	date:	2021-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-016164	date:	2021-11-11T00:00:00
db:	CNNVD	id:	CNNVD-202102-1264	date:	2021-02-16T00:00:00
db:	NVD	id:	CVE-2020-13554	date:	2021-03-03T17:15:11.487