Incorrect Default Permissions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.