The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25161
Reference (s):
- https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01
- URL: https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01