Lucene search

K
zdiFritz Sands - Trend Micro Zero Day InitiativeZDI-18-141
HistoryFeb 06, 2018 - 12:00 a.m.

ABB MicroSCADA Improper Access Control Privilege Escalation Vulnerability

2018-02-0600:00:00
Fritz Sands - Trend Micro Zero Day Initiative
www.zerodayinitiative.com
12
abb microscada
privilege escalation
access control
vulnerability
installation
manipulation
authenticated user
system

EPSS

0.001

Percentile

23.4%

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM.

EPSS

0.001

Percentile

23.4%

Related for ZDI-18-141