2 matches found
CVE-2017-12728
SpiderControl SCADA Web Server is affected: Version 2.02.0007 and earlier suffer from improper privilege management (CWE-269). Authenticated, non-administrative local users can modify the service executable with escalated privileges, potentially enabling arbitrary code execution in the context of...
CVE-2018-18991
SpiderControl SCADA WebServer (versions prior to 2.03.0001) is affected by CVE-2018-18991: a reflected cross-site scripting (non-persistent) flaw caused by improper input neutralization during web page generation. An attacker can craft a URL to execute JavaScript in a victim’s browser. Mitigation...