### [CVE-2020-22722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22722)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.

### POC

#### Reference
- https://syhack.wordpress.com/2020/04/21/rapid-scada-local-privilege-escalation-vulnerability/
- https://syhack.wordpress.com/2020/04/21/rapid-scada-local-privilege-escalation-vulnerability/

#### Github
No PoCs found on GitHub currently.