Lucene search
HistoryAug 03, 2023 - 7:15 p.m.
CVE-2023-0956
cve-2023-0956
external input
tel-ster
telwin scada
webinterface
unauthenticated access
read files
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
Affected configurations
Node
tel-stertelwin_scada_webinterfaceRange3.2–6.2
ORtel-stertelwin_scada_webinterfaceRange7.0–7.2
ORtel-stertelwin_scada_webinterfaceMatch8.0
ORtel-stertelwin_scada_webinterfaceMatch9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tel-ster | telwin_scada_webinterface | * | cpe:2.3:a:tel-ster:telwin_scada_webinterface:*:*:*:*:*:*:*:* |
| tel-ster | telwin_scada_webinterface | 8.0 | cpe:2.3:a:tel-ster:telwin_scada_webinterface:8.0:*:*:*:*:*:*:* |
| tel-ster | telwin_scada_webinterface | 9.0 | cpe:2.3:a:tel-ster:telwin_scada_webinterface:9.0:*:*:*:*:*:*:* |
Related
ics
ics
TEL-STER TelWin SCADA WebInterface
2023-08-03 12:00:00
prion
prion
Xxe
2023-08-03 19:15:00
cve
cve
CVE-2023-0956
2023-08-03 19:15:10
cvelist
cvelist
CVE-2023-0956 TEL-STER TelWin SCADA WebInterface Path Traversal
2023-08-03 18:08:13
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
Related for NVD:CVE-2023-0956