Ver todas as ameaças

CVE-2020-22722

Alvo: Não informado

Descrição

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITYSYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITYSYSTEM by giving the attacker full system access to the remote PC.

Software
Não informado
Tipo Software
Core
CVE
CVE-2020-22722
Tags
Nâo informado
Data de publicação
14/08/2020
Última atualização
24/02/2022
Pontuação em CVSS 3.0
7.8
Alto
Rolar para cima