Lucene search

[email protected]CVE-2023-3329

HistoryAug 02, 2023 - 11:15 p.m.

CVE-2023-3329

2023-08-0223:15:10

[email protected]

web.nvd.nist.gov

cve-2023-3329

spidercontrol scada webserver

path traversal

file overwrite

denial-of-service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI’s upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.

Affected configurations

NVD

Node

spidercontrolscadawebserverRange≤2.08

CPENameOperatorVersion
spidercontrol:scadawebserverspidercontrol scadawebserverle2.08

CPE	Name	Operator	Version
spidercontrol:scadawebserver	spidercontrol scadawebserver	le	2.08

CNA Affected

[
  {
    "vendor": "iniNet",
    "product": "SCADAWebServer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "2.08",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-173-03

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVE-2023-3329

ics1 cvelist1 nvd1 prion1