Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their privileges on the targeted system, respectively. This software package, based in HTML-5, allows users to perform data visualization and supervisory controls over internet-of-things and operational technology devices.
In accordance with our coordinated disclosure policy, Cisco Talos is disclosing these vulnerabilities despite Advantech not confirming a fix. For more on this, refer to Cisco's 90-day vulnerability disclosure policy.
Vulnerability details
Advantech WebAccess/SCADA installation local file inclusion (TALOS-2020-1168/CVE-2020-13550)
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Advantech WebAccess/SCADA installation privilege escalation vulnerability (TALOS-2020-1169/CVE-2020-13551 - CVE-2020-13555)
Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that this vulnerability affects Advantech WebAccess/SCADA, version 9.0.1.
Coverage
The following SNORTⓇ rules from an earlier rule release will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 56048 - 56050