Published: 08/03/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability allows local malicious users to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rapidscada rapid scada 5.5.0

A vulnerability allows local attackers to escalate privilege on TotalAV versions 417 through 4619 because of weak "C:\Program Files\TotalAV" permissions The specific flaw exists within the access control that is set and modified during the installation of the product The product sets weak access control restrictions An attacker can leverage ...

Rapid Scada version 550 suffers from an insecure permission vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    Total AV 417 ~ 4 619 - Insecure Permissions   From: filipe &l ...

CWE-732 http://seclists.org/fulldisclosure/2018/Mar/11 http://packetstormsecurity.com/files/146668/Rapid-Scada-5.5.0-Insecure-Permissions.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2018/Jul/54

CVE-2018-5313

Vulnerability Summary

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect