← Back to CVE List

CVE-2020-22722

Published: 2020-08-14T16:15Z
Last Modified: 2024-11-21T05:13Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt