SpiderControl

28 Oct 2017

[ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability

Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Improper Privilege Management

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01

CVE-ID
CVE-2017-12728

AFFECTED PRODUCTS

The following versions of SCADA Web Server, a software management platform, are affected:
SCADA Web Server Version 2.02.0007 and prior.

IMPACT
Successful exploitation of this vulnerability could allow authenticated system users to escalate their privileges under certain conditions.

Read on for details.

Read more

01 Sep 2017

[ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability

Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Directory Traversal

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03

ZDI Advisory:
http://www.zerodayinitiative.com/advisories/ZDI-17-695

CVE-ID
CVE-2017-12694

AFFECTED PRODUCTS
The following versions of SpiderControl SCADA Web Server, a software management platform, are affected:

  • SCADA Web Server < version 2.02.0100


IMPACT

Successful exploitation of this vulnerability allows an attacker to gain read access to system files through directory traversal.

Read on for details.

Read more

01 Sep 2017

[ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow

Vendor: SpiderControl
Equipment: SCADA MicroBrowser
Vulnerability: Stack-based Buffer Overflow

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02

ZDI Advisory
http://www.zerodayinitiative.com/advisories/ZDI-17-694/

CVE-ID
CVE-2017-12707

AFFECTED PRODUCTS
The following versions of SCADA MicroBrowser, a software management platform, are affected:

  • SCADA MicroBrowser Versions 1.6.30.144 and prior.

IMPACT

Successful exploitation of this vulnerability could allow an attacker to gain access to the system, manipulate system files, and potentially render the system unavailable.

Read on for details.

Read more