CVE-2020-16202
published 2020-09-22CVE-2020-16202: WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.38%
29.8th percentile
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | < 9.0.1 | 9.0.1 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rfmg-4pjp-2fr4: WebAccess Node (All versions prior to 9
ghsa_unreviewed·2022-05-24
CVE-2020-16202 [HIGH] GHSA-rfmg-4pjp-2fr4: WebAccess Node (All versions prior to 9
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
CISA ICS
Advantech WebAccess Node
cisa_ics·2020-09-17·CVSS 7.8
[HIGH] Advantech WebAccess Node
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Node
Last RevisedSeptember 17, 2020
Alert CodeICSA-20-261-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess Node
- Vulnerability: Incorrect Permission Assignment for Critical Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate their privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of WebAccess Node, an HMI platform, are affected:
- WebAccess Node: All versions prior to 9.0.1
## 3.2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-09-22
Published