CVE-2020-22722

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-434
View all →

Vulnerability Description

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.

Related Vulnerabilities

CVE-2010-4661

HIGH
CVSS:7.8(High)

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

CWE-4342010

CVE-2015-0796

HIGH
CVSS:7.8(High)

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow bui...

CWE-4342015

CVE-2015-1000013

HIGH
CVSS:7.8(High)

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1

CWE-4342015

CVE-2015-7571

HIGH
CVSS:7.8(High)

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

CWE-4342015

CVE-2017-13156

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

CWE-4342017

CVE-2017-2699

HIGH
CVSS:7.8(High)

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could ...

CWE-4342017