6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI’s upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
CPE | Name | Operator | Version |
---|---|---|---|
spidercontrol:scadawebserver | spidercontrol scadawebserver | le | 2.08 |
[
{
"vendor": "iniNet",
"product": "SCADAWebServer",
"versions": [
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "2.08",
"versionType": "custom"
}
]
}
]
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%