SpiderControl SCADA WebServer Hole Fixed

Tuesday, December 4, 2018 @ 03:12 PM gHale

SpiderControl released a new version to mitigate a reflected cross-site scripting vulnerability in its SCADA WebServer, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ismail Bulbul, could allow an attacker to execute JavaScript on the victim’s browser.

SCADA WebServer, a software management platform, suffers from the vulnerability in versions prior to 2.03.0001.

Reflected cross-site scripting (non-persistent) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim’s browser.
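A crafted URL of the kind described above reaches the server as an ordinary request, so it is visible in web access logs. The following is an added example, not code from SpiderControl or NCCIC, that scans log lines for script markup in query parameters; the log format, paths and parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a common/combined log format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that does not belong in a query parameter and is typical of script injection.
SUSPICIOUS_RE = re.compile(
    r'<\s*script'
    r'|<\s*(?:img|svg|iframe|body)\b[^>]*\bon\w+\s*='
    r'|javascript\s*:'
    r'|\bon(?:error|load|click|mouseover)\s*=',
    re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_script_in_urls(log_lines):
    """Return (line_number, parameter, decoded_value) for each suspicious parameter."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request entry we can parse
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(value)  # parse_qsl has already decoded once
            if SUSPICIOUS_RE.search(decoded):
                hits.append((number, name, decoded))
    return hits

# Constructed sample log lines; addresses, paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2018:15:12:01 +0000] "GET /index.html?page=overview HTTP/1.1" 200 512',
    '192.0.2.44 - - [04/Dec/2018:15:12:09 +0000] "GET /view?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 733',
    '192.0.2.44 - - [04/Dec/2018:15:12:15 +0000] "GET /view?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 733',
    '192.0.2.10 - - [04/Dec/2018:15:12:30 +0000] "GET /view?name=pump+station+3 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, name, value in find_script_in_urls(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} carries markup: {value}")
```

A hit means a request carried markup in a parameter, not that the page reflected it; treat the matches as leads for review alongside the upgrade to the fixed version.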

CVE-2018-18991 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

The product is used mainly in the critical manufacturing sector and is deployed in Europe.

No known public exploits specifically target this vulnerability; however, common techniques may be used to exploit it. An attacker with a low skill level could leverage the vulnerability.

Switzerland-based SpiderControl released Version 2.03.0001, which fixes the vulnerability.
