Lucene search

IcscertCVELIST:CVE-2023-0956

HistoryAug 03, 2023 - 6:08 p.m.

CVE-2023-0956 TEL-STER TelWin SCADA WebInterface Path Traversal

2023-08-0318:08:13

icscert

www.cve.org

tel-ster

telwin

scada

external input

vulnerability

path traversal

unauthenticated attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.0%

JSON

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TelWin SCADA WebInterface",
    "vendor": "TEL-STER",
    "versions": [
      {
        "lessThanOrEqual": "6.1",
        "status": "affected",
        "version": "3.2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "7.1",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.0",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/posts/2023/07/CVE-2023-0956/

www.cisa.gov/news-events/ics-advisories/icsa-23-215-03

www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.0%

JSON

Related for CVELIST:CVE-2023-0956