{"vulnerability": "CVE-2020-1355", "sightings": [{"uuid": "85302702-ee45-49f4-a8ea-19eb6328568b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13554", "type": "seen", "source": "https://t.me/cibsecurity/24401", "content": "\u203c CVE-2020-13554 \u203c\n\nAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T20:45:36.000000Z"}, {"uuid": "369899aa-f72b-43f3-8f13-36ec1438aa5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13557", "type": "seen", "source": "https://t.me/cibsecurity/21178", "content": "\u203c CVE-2020-13557 \u203c\n\nA use after free vulnerability exists in the JavaScript engine of Foxit Software\u00e2\u20ac\u2122s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-22T20:53:29.000000Z"}, {"uuid": "6aa11da5-647d-4e25-b36e-4f4ba73ab5de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13550", "type": "seen", "source": "https://t.me/cibsecurity/23774", "content": "\u203c CVE-2020-13550 \u203c\n\nA local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T22:49:21.000000Z"}, {"uuid": "b8848362-b1e1-4e5f-9608-a6f2d44df7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13552", "type": "seen", "source": "https://t.me/cibsecurity/23773", "content": "\u203c CVE-2020-13552 \u203c\n\nAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T22:49:20.000000Z"}, {"uuid": "f6f07392-91d3-4aad-a625-19b2cd912e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13551", "type": "seen", "source": "https://t.me/cibsecurity/23772", "content": "\u203c CVE-2020-13551 \u203c\n\nAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T22:49:19.000000Z"}, {"uuid": "162bebc3-91ae-4107-9790-76c922da8b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13553", "type": "seen", "source": "https://t.me/cibsecurity/23771", "content": "\u203c CVE-2020-13553 \u203c\n\nAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T22:49:18.000000Z"}, {"uuid": "d6935dad-9747-4c84-8007-a0b6bdd05103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13555", "type": "seen", "source": "https://t.me/cibsecurity/23770", "content": "\u203c CVE-2020-13555 \u203c\n\nAn exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T22:49:18.000000Z"}, {"uuid": "4b810711-3040-41fb-b8b7-b8f25f19c7e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13559", "type": "seen", "source": "https://t.me/cibsecurity/21912", "content": "\u203c CVE-2020-13559 \u203c\n\nA denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T22:46:12.000000Z"}, {"uuid": "c04a764d-a8fa-4df0-ae36-1a695a8aebb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13556", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2219", "content": "#exploit \nCVE-2020-13530, CVE-2020-13556:\nDoS, code execution vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer\nhttps://blog.talosintelligence.com/2020/12/vuln-spotlight-stack-group-opener-dec-2020.html", "creation_timestamp": "2022-06-07T23:36:40.000000Z"}, {"uuid": "8cf175e3-47b3-4ec0-8fe8-645a01f806af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13558", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2830", "content": "#exploit\nRCE vulnerability in WebKit WebAudio API / WebKitGTK 2.30.1 (PoC for CVE-2020-13558)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1172", "creation_timestamp": "2024-05-08T02:48:36.000000Z"}, {"uuid": "390b2eb9-2588-4db2-b7e8-e7b04b1c29c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13553", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}, {"uuid": "ac586ffe-9c32-4e2f-a2e0-37a9260e8673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13554", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}, {"uuid": "b76b4679-fa31-4909-8fa0-a9a86e893456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13552", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}, {"uuid": "dd170e97-1e0e-404c-ba59-6584dd4ff1bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13551", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}, {"uuid": "926086b1-7765-4cbb-bae4-292ee7e57d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13555", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}, {"uuid": "d2235567-76f2-40a5-a763-f7795a70c63d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13550", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2750", "content": "#SCADA_Security\nVulnerabilities in Advantech WebAccess/SCADA\n1. CVE-2020-13550:\nAdvantech WebAccess/SCADA installation local file inclusion (PoC)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1168\n2. CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555:\nAdvantech WebAccess/SCADA installation privilege escalation vulnerability (PoCs)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1169", "creation_timestamp": "2021-02-21T12:53:01.000000Z"}]}