SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-577585686] SpiderControl SCADA MicroBrowser

Date: 2017-08-22
Type: Other
Platform: SpiderControl
Author: Karn Ganeshen, working with Trend Micro’s Zero Day Initiative (ZDI), discovered this vulnerability.
EDB-ID: N/A
CVE-ID: CVE-2017-1270
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

						
							
								
#
# SpiderControl SCADA MicroBrowser
#


### VULNERABLE VENDOR
SpiderControl


### VULNERABLE PRODUCT
SCADA MicroBrowser



### RESEARCHER
Karn Ganeshen, working with Trend Micro's Zero Day Initiative (ZDI), discovered this vulnerability.



### AFFECTED PRODUCTS

The following versions of SCADA MicroBrowser, a software management platform, are affected:

SCADA MicroBrowser Versions 1.6.30.144 and prior.



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to gain access to the system, manipulate system files, and potentially render the system unavailable.



### VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW CWE-121
Opening a maliciously crafted HTML file may cause a stack-based buffer overflow.
CVE-2017-12707 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Europe
Company Headquarters Location: Switzerland




### MITIGATION

SpiderControl has produced a new version of the software (Version 1.6.40.148) that can be found at:

http://www.ininet.ch/public/MicroBrowser/XP/index.html