SpiderControl MicroBrowser Fixed

Tuesday, August 22, 2017 @ 03:08 PM gHale


SpiderControl created new software to mitigate a stack-based buffer overflow vulnerability in its SCADA MicroBrowser, according to a report from ICS-CERT.

SCADA MicroBrowser, a software management platform, suffers from the remotely exploitable vulnerability in Versions 1.6.30.144 and prior. Karn Ganeshen, working with Trend Micro’s Zero Day Initiative (ZDI), discovered the vulnerability.

Successful exploitation of this vulnerability could allow an attacker to gain access to the system, manipulate system files, and potentially render the system unavailable.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Opening a maliciously crafted HTML file may cause a stack overflow.

CVE-2017-12707 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing sector. For the most part, it sees action in Europe.

Switzerland-based SpiderControl produced a new version of the software (Version 1.6.40.148).


