CVE-2020-22722 — HIGH (7.8)

Vulnerability Description

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rapidscada	Rapid Scada	5.8.0
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-434

References

https://syhack.wordpress.com/2020/04/21/rapid-scada-local-privilege-escalation-vExploitThird Party Advisory
https://syhack.wordpress.com/2020/04/21/rapid-scada-local-privilege-escalation-vExploitThird Party Advisory

FAQ

What is CVE-2020-22722?

CVE-2020-22722 is a vulnerability with a CVSS score of 7.8 (HIGH). Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious ...

How severe is CVE-2020-22722?

CVE-2020-22722 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-22722?

Check the references section above for vendor advisories and patch information. Affected products include: Rapidscada Rapid Scada, Microsoft Windows.