Lucene search

IcscertCVE-2020-16202

HistorySep 22, 2020 - 3:15 p.m.

CVE-2020-16202

2020-09-2215:15:14

CWE-732

icscert

web.nvd.nist.gov

cve-2020-16202

webaccess node

permissions

code execution

system privileges

security vulnerability

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

10.4%

JSON

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

Affected configurations

Nvd

Node

advantechwebaccessRange<9.0.1

VendorProductVersionCPE
advantechwebaccess*cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
advantech	webaccess	*	cpe:2.3:a:advantech:webaccess::::::::

CNA Affected

[
  {
    "product": "WebAccess Node",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 9.0.1"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-261-01

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

10.4%

JSON

Related for CVE-2020-16202