Search
Find a vulnerability
Search criteria
7 vulnerabilities by SpiderControl
CVE-2023-3329 (GCVE-0-2023-3329)
Vulnerability from cvelistv5 – Published: 2023-08-02 22:26 – Updated: 2024-10-29 17:48
VLAI
Title
CVE-2023-3329
Summary
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| iniNet | SCADAWebServer |
Affected:
0 , ≤ 2.08
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T17:48:36.940300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T17:48:43.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SCADAWebServer",
"vendor": "iniNet",
"versions": [
{
"lessThanOrEqual": "2.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI\u0027s upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T22:26:07.157Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-3329",
"x_generator": {
"engine": "VINCE 2.1.3",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-3329"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3329",
"datePublished": "2023-08-02T22:26:07.157Z",
"dateReserved": "2023-06-19T17:52:02.498Z",
"dateUpdated": "2024-10-29T17:48:43.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18991 (GCVE-0-2018-18991)
Vulnerability from cvelistv5 – Published: 2018-12-04 21:00 – Updated: 2024-08-05 11:23
VLAI
Summary
Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106105 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | SCADA WebServer |
Affected:
Versions prior to 2.03.0001
|
Date Public
2018-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCADA WebServer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to 2.03.0001"
}
]
}
],
"datePublic": "2018-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim\u0027s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-06T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCADA WebServer",
"version": {
"version_data": [
{
"version_value": "Versions prior to 2.03.0001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim\u0027s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106105"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18991",
"datePublished": "2018-12-04T21:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14010 (GCVE-0-2017-14010)
Vulnerability from cvelistv5 – Published: 2018-04-26 19:00 – Updated: 2024-09-16 21:04
VLAI
Summary
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
Severity
No CVSS data available.
CWE
- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01 | x_refsource_MISC |
| http://spidercontrol.net/download/downloadarea/?lang=en | x_refsource_MISC |
| http://www.securityfocus.com/bid/101505 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpiderControl | MicroBrowser |
Affected:
MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior.
|
Date Public
2017-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spidercontrol.net/download/downloadarea/?lang=en"
},
{
"name": "101505",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MicroBrowser",
"vendor": "SpiderControl",
"versions": [
{
"status": "affected",
"version": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior."
}
]
}
],
"datePublic": "2017-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spidercontrol.net/download/downloadarea/?lang=en"
},
{
"name": "101505",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-10-19T00:00:00",
"ID": "CVE-2017-14010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroBrowser",
"version": {
"version_data": [
{
"version_value": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior."
}
]
}
}
]
},
"vendor_name": "SpiderControl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"
},
{
"name": "http://spidercontrol.net/download/downloadarea/?lang=en",
"refsource": "MISC",
"url": "http://spidercontrol.net/download/downloadarea/?lang=en"
},
{
"name": "101505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14010",
"datePublished": "2018-04-26T19:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:04:09.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12728 (GCVE-0-2017-12728)
Vulnerability from cvelistv5 – Published: 2017-10-04 07:00 – Updated: 2024-08-05 18:43
VLAI
Summary
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100668 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | SpiderControl SCADA Web Server |
Affected:
SpiderControl SCADA Web Server
|
Date Public
2017-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01"
},
{
"name": "100668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SpiderControl SCADA Web Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SpiderControl SCADA Web Server"
}
]
}
],
"datePublic": "2017-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01"
},
{
"name": "100668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SpiderControl SCADA Web Server",
"version": {
"version_data": [
{
"version_value": "SpiderControl SCADA Web Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01"
},
{
"name": "100668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12728",
"datePublished": "2017-10-04T07:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13995 (GCVE-0-2017-13995)
Vulnerability from cvelistv5 – Published: 2017-10-04 07:00 – Updated: 2024-08-05 19:13
VLAI
Summary
An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100951 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | iniNet Solutions GmbH SCADA Webserver |
Affected:
iniNet Solutions GmbH SCADA Webserver
|
Date Public
2017-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100951",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100951"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iniNet Solutions GmbH SCADA Webserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "iniNet Solutions GmbH SCADA Webserver"
}
]
}
],
"datePublic": "2017-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100951",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100951"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-13995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iniNet Solutions GmbH SCADA Webserver",
"version": {
"version_data": [
{
"version_value": "iniNet Solutions GmbH SCADA Webserver"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100951"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-13995",
"datePublished": "2017-10-04T07:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12694 (GCVE-0-2017-12694)
Vulnerability from cvelistv5 – Published: 2017-08-25 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100456 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | SpiderControl SCADA Web Server |
Affected:
SpiderControl SCADA Web Server
|
Date Public
2017-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"
},
{
"name": "100456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SpiderControl SCADA Web Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SpiderControl SCADA Web Server"
}
]
}
],
"datePublic": "2017-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"
},
{
"name": "100456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SpiderControl SCADA Web Server",
"version": {
"version_data": [
{
"version_value": "SpiderControl SCADA Web Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"
},
{
"name": "100456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12694",
"datePublished": "2017-08-25T19:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12707 (GCVE-0-2017-12707)
Vulnerability from cvelistv5 – Published: 2017-08-25 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100453 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | SpiderControl SCADA MicroBrowser |
Affected:
SpiderControl SCADA MicroBrowser
|
Date Public
2017-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02"
},
{
"name": "100453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SpiderControl SCADA MicroBrowser",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SpiderControl SCADA MicroBrowser"
}
]
}
],
"datePublic": "2017-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02"
},
{
"name": "100453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SpiderControl SCADA MicroBrowser",
"version": {
"version_data": [
{
"version_value": "SpiderControl SCADA MicroBrowser"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02"
},
{
"name": "100453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12707",
"datePublished": "2017-08-25T19:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}