SpiderControl Fixes SCADA Web Server

Tuesday, August 22, 2017 @ 04:08 PM gHale


SpiderControl created new software to mitigate a directory traversal vulnerability in its SCADA Web Server, according to a report with ICS-CERT.

A software management platform, all versions of SCADA Web Server suffer from the remotely exploitable issue, discovered by Karn Ganeshen, working with Trend Micro’s Zero Day Initiative (ZDI).

RELATED STORIES
SpiderControl MicroBrowser Fixed
Marel Updates Food Processing Systems
Philips Clears Portal Vulnerabilities
Vulnerability in CPAP Machine

Successful exploitation of this vulnerability could cause an attacker to gain read access to system files through directory traversal.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level would be able to exploit the vulnerability.

In the vulnerability, an attacker may be able to use a simple GET request to perform a directory traversal into system files.

CVE-2017-12694 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use mainly in the critical manufacturing sector. It also sees action mainly in Europe.

Switzerland-based SpiderControl produced a new version of the software (Version 2.02.0100).



Leave a Reply

You must be logged in to post a comment.