Description
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/11
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/146668/Rapid-Scada-5.5.0-Insecure-Permissions.html
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
rapidscada/rapid_scada
5.5.0
Published
Mar 08, 2018
Tracked Since
Feb 18, 2026