CVE-2018-1168 HIGH

Published: 2018-02-21 | Last Modified: 2026-06-17 | Status: Modified

Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.

Additional Descriptions (1)

Esta vulnerabilidad permite que los atacantes locales escalen privilegios en instalaciones vulnerables de ABB MicroSCADA 9.3 con FP 1-2-3. En primer lugar, un atacante debe obtener la capacidad de ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. Este error en concreto existe en la configuración de los controles de acceso para los archivos del producto instalados. El procedimiento de instalación hace que archivos críticos queden expuestos a ser manipulados por parte de cualquier usuario autenticado. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios a SYSTEM. Anteriormente era ZDI-CAN-5097.

CVSS Metrics

Base Score: 7.2 (HIGH)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	COMPLETE
Integrity Impact	COMPLETE
Availability Impact	COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 10.0

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-284
[email protected]	Primary	en CWE-732

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	sys600_firmware	9.0	<built-in method update of dict object at 0x72a9ccd287c0>	Operating System
hitachienergy	sys600_firmware	9.1	<built-in method update of dict object at 0x72a9ccd29f40>	Operating System
hitachienergy	sys600_firmware	9.1.5	<built-in method update of dict object at 0x72a9cc523f40>	Operating System
hitachienergy	sys600_firmware	9.2	<built-in method update of dict object at 0x72a9b0b6bd80>	Operating System
hitachienergy	sys600_firmware	9.4	<built-in method update of dict object at 0x72a9ccd28080>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:sys600_firmware:9.0:::::::*`
Yes	`cpe:2.3:o:hitachienergy:sys600_firmware:9.1:::::::*`
Yes	`cpe:2.3:o:hitachienergy:sys600_firmware:9.1.5:::::::*`
Yes	`cpe:2.3:o:hitachienergy:sys600_firmware:9.2:::::::*`
Yes	`cpe:2.3:o:hitachienergy:sys600_firmware:9.4:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:sys600:-:::::::*`

References

https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC
Source: [email protected]

Mitigation Vendor Advisory
https://zerodayinitiative.com/advisories/ZDI-18-141
Source: [email protected]

Third Party Advisory VDB Entry
https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Vendor Advisory
https://zerodayinitiative.com/advisories/ZDI-18-141
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry