CVE-2018-1168

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hitachienergy:sys600_firmware:9.0:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.1.5:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.2:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.4:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:59

Type Values Removed Values Added
References () https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC - Mitigation, Vendor Advisory () https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC - Mitigation, Vendor Advisory
References () https://zerodayinitiative.com/advisories/ZDI-18-141 - Third Party Advisory, VDB Entry () https://zerodayinitiative.com/advisories/ZDI-18-141 - Third Party Advisory, VDB Entry

16 May 2023, 21:04

Type Values Removed Values Added
CPE cpe:2.3:o:abb:sys600_firmware:9.2:*:*:*:*:*:*:*
cpe:2.3:o:abb:sys600_firmware:9.0:*:*:*:*:*:*:*
cpe:2.3:o:abb:sys600_firmware:9.1.5:*:*:*:*:*:*:*
cpe:2.3:o:abb:sys600_firmware:9.1:*:*:*:*:*:*:*
cpe:2.3:o:abb:sys600_firmware:9.4:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.0:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.1.5:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.2:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.4:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:sys600_firmware:9.1:*:*:*:*:*:*:*

19 Apr 2023, 15:32

Type Values Removed Values Added
CPE cpe:2.3:h:abb:sys600:-:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*

Information

Published : 2018-02-21 14:29

Updated : 2024-11-21 03:59


NVD link : CVE-2018-1168

Mitre link : CVE-2018-1168

CVE.ORG link : CVE-2018-1168


JSON object : View

Products Affected

hitachienergy

  • sys600_firmware
  • sys600
CWE
CWE-284

Improper Access Control

CWE-732

Incorrect Permission Assignment for Critical Resource