85 matches found
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management Vulnerability
SpiderControl SCADA Web Server versions 2.02.0007 and below suffer from an improper privilege management vulnerability. Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management Advisory URL...
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management Advisory URL https://ipositivesecurity.com/2017/10/28/ics-spidercontrol-scada-web-server-improper-privilege-management-vulnerability/ ICS-CERT Advisory...
SpiderControl MicroBrowser Arbitrary Code Execution Vulnerability
MicroBrowser is a touch screen operating system. An arbitrary code execution vulnerability exists in SpiderControl MicroBrowser, which allows an attacker to execute arbitrary code on the system by placing a specially crafted DLL file in the search path...
SpiderControl MicroBrowser
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: SpiderControl Equipment: MicroBrowser Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected: MicroBrowser...
CVE-2017-12728
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...
CVE-2017-12728
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...
Input validation
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...
CVE-2017-12728
SpiderControl SCADA Web Server is affected: Version 2.02.0007 and earlier suffer from improper privilege management (CWE-269). Authenticated, non-administrative local users can modify the service executable with escalated privileges, potentially enabling arbitrary code execution in the context of...
CVE-2017-12728
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...
SpiderControl SCADA Web Server Elevation of Privilege Vulnerability
SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management AFFECTED PRODUCTS The following versions of SCADA Web Server, a software management platform, are affected: SCADA Web Server Version 2.02.0007 and prior...
CVE-2017-12707
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...
CVE-2017-12707
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...
Directory traversal
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...
CVE-2017-12694
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...
Stack overflow
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...
CVE-2017-12707
SpiderControl SCADA MicroBrowser suffers a stack-based buffer overflow (CVE-2017-12707) in the handling of StaticHTMLTagsFileName, affecting versions 1.6.30.144 and earlier. The flaw arises from insufficient validation of user-supplied data before copying into a fixed-length stack buffer, enablin...
CVE-2017-12707
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...
CVE-2017-12694
The CVE-2017-12694 entry describes a Directory Traversal vulnerability in SpiderControl SCADA Web Server. Affected software is the SpiderControl SCADA Web Server; the flaw allows an attacker to perform a path traversal via a simple GET request to access system files. Impact is read access to rest...
CVE-2017-12694
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...