Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Directory Traversal
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03
ZDI Advisory:
http://www.zerodayinitiative.com/advisories/ZDI-17-695
CVE-ID
CVE-2017-12694
AFFECTED PRODUCTS
The following versions of SpiderControl SCADA Web Server, a software management platform, are affected:
- SCADA Web Server < version 2.02.0100
IMPACT
Successful exploitation of this vulnerability allows an attacker to gain read access to system files through directory traversal.
Read on for details.