Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITYSYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITYSYSTEM by giving the attacker full system access to the remote PC.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22722
Reference (s):
- https://syhack.wordpress.com/2020/04/21/rapid-scada-local-privilege-escalation-vulnerability/