CVE-2018-5313

{"id": "CVE-2018-5313", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-03-08T20:29:00.377", "references": [{"url": "http://packetstormsecurity.com/files/146668/Rapid-Scada-5.5.0-Insecure-Permissions.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2018/Mar/11", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/146668/Rapid-Scada-5.5.0-Insecure-Permissions.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2018/Mar/11", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM."}, {"lang": "es", "value": "Una vulnerabilidad permite que atacantes locales escalen privilegios en Rapid Scada 5.5.0 debido a permisos C:\\SCADA d\u00e9biles. Este error en concreto existe en el control de acceso que se establece y modifica durante la instalaci\u00f3n del producto. El producto establece controles de acceso d\u00e9biles. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo arbitrario bajo el contexto del Administrador, la cuenta IUSR o SYSTEM."}], "lastModified": "2024-11-21T04:08:34.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapidscada:rapid_scada:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C4E6AA-822F-4506-9EF2-FD60B1D605EB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}