SpiderControl SCADA WebServer Hole Fixed

Tuesday, December 4, 2018 @ 03:12 PM gHale

SpiderControl released a new version to mitigate a reflected cross-site scripting vulnerability in its SCADA WebServer, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ismail Bulbul, could allow an attacker to execute JavaScript on the victim’s browser.

SCADA WebServer, a software management platform, suffers from the vulnerability in versions prior to 2.03.0001.

Reflected cross-site scripting (non-persistent) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim’s browser.
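
The reflection described above, as an added example that is not SpiderControl code: a hypothetical handler echoes a `view` query parameter, first unchanged and then HTML-encoded, and a regression check uses an inert marker to tell the two apart. The parameter name, the `hmi.example` host and the page template are assumptions.

```javascript
// Added illustration, not SpiderControl code. The "view" parameter, the
// hmi.example host and the page template are hypothetical.

// Constructed, inert marker: it contains the characters HTML treats as markup
// but no script, so it is safe to send to a test instance.
const PROBE = `"'><probe-7f3a q=1>`;

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read one query parameter from a request path, percent-decoding it.
function queryParam(requestUrl, name) {
  return new URL(requestUrl, "http://hmi.example").searchParams.get(name) ?? "";
}

// Vulnerable pattern: the query value is copied into the response unchanged.
function renderReflected(requestUrl) {
  return `<p>View not found: ${queryParam(requestUrl, "view")}</p>`;
}

// Fixed pattern: the same page with the value encoded for its HTML context.
function renderEncoded(requestUrl) {
  return `<p>View not found: ${escapeHtml(queryParam(requestUrl, "view"))}</p>`;
}

// Regression check: request the page with the probe and report whether it
// comes back verbatim, meaning the browser would parse it as markup.
function reflectsUnencoded(render) {
  const url = `/error?view=${encodeURIComponent(PROBE)}`;
  return render(url).includes(PROBE);
}

console.log("reflected handler echoes probe:", reflectsUnencoded(renderReflected));
console.log("encoded handler echoes probe:  ", reflectsUnencoded(renderEncoded));
```

HTML encoding of this kind covers text and quoted-attribute contexts only; values placed in script blocks, URLs or unquoted attributes need encoding for those contexts.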

CVE-2018-18991 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

The product is used mainly in the critical manufacturing sector and is deployed in Europe.

No known public exploits specifically target this vulnerability; however, common techniques may be used to exploit it. An attacker with a low skill level could leverage the vulnerability.

Switzerland-based SpiderControl released Version 2.03.0001, which fixes the vulnerability.


