SpiderControl MicroBrowser

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: SpiderControl Equipment: MicroBrowser Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected: MicroBrowser...

CVE-2017-12728

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...

CVE-2017-12728

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...

Input validation

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...

CVE-2017-12728

SpiderControl SCADA Web Server is affected: Version 2.02.0007 and earlier suffer from improper privilege management (CWE-269). Authenticated, non-administrative local users can modify the service executable with escalated privileges, potentially enabling arbitrary code execution in the context of...

CVE-2017-12728

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...

SpiderControl SCADA Web Server Elevation of Privilege Vulnerability

SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...

SpiderControl SCADA Web Server

CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management AFFECTED PRODUCTS The following versions of SCADA Web Server, a software management platform, are affected: SCADA Web Server Version 2.02.0007 and prior...

CVE-2017-12707

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...

CVE-2017-12694

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...

Stack overflow

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...

CVE-2017-12707

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...

Directory traversal

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...

CVE-2017-12694

The CVE-2017-12694 entry describes a Directory Traversal vulnerability in SpiderControl SCADA Web Server. Affected software is the SpiderControl SCADA Web Server; the flaw allows an attacker to perform a path traversal via a simple GET request to access system files. Impact is read access to rest...

CVE-2017-12694

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...

CVE-2017-12707

SpiderControl SCADA MicroBrowser suffers a stack-based buffer overflow (CVE-2017-12707) in the handling of StaticHTMLTagsFileName, affecting versions 1.6.30.144 and earlier. The flaw arises from insufficient validation of user-supplied data before copying into a fixed-length stack buffer, enablin...

CVE-2017-12707

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...

SpiderControl SCADA Web Server Detection (HTTP)

Detection of SpiderControl SCADA Web Server. The script sends a connection request to the server and attempts to detect SpiderControl SCADA Web Server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within web server access to the scdefault directory. The issue results from the...

SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...