SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-691138896] SpiderControl SCADA Web Server

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-09-07 | Other | SpiderControl | Karn Ganeshen reported this vulnerability to ICS-CERT. | N/A | CVE-2017-1272 | N/A | N/A | N/A |

Source

#
# SpiderControl SCADA Web Server
#


### VULNERABLE VENDOR
SpiderControl


### VULNERABLE PRODUCT
SCADA Web Server



### RESEARCHER
Karn Ganeshen reported this vulnerability to ICS-CERT.



### AFFECTED PRODUCTS

The following versions of SCADA Web Server, a software management platform, are affected:

SCADA Web Server Version 2.02.0007 and prior.



### IMPACT

Successful exploitation of this vulnerability could allow authenticated system users to escalate their privileges under certain conditions.



### VULNERABILITY OVERVIEW

IMPROPER PRIVILEGE MANAGEMENT CWE-269
Authenticated, non-administrative local users are able to alter service executables with escalated privileges which could allow an attacker to execute arbitrary code under the context of the current system services.
CVE-2017-12728 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
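
A defender-side audit for the condition described above, added here as an example and not taken from the advisory or the vendor: it lists every service executable, and the folder holding it, that a principal outside a trusted list is allowed to modify. It assumes a Windows host (the advisory does not name the operating system), and the trusted-principal list is a choice made for this example.

```powershell
# Added example: not vendor or CRITIFENCE code. Assumes a Windows host.
# Reports service executables, and the folders holding them, that a principal
# outside the trusted list below is allowed to modify.

$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing, replacing or re-permissioning a file or folder.
# 0x40000000 and 0x10000000 are GENERIC_WRITE and GENERIC_ALL, which can show up unmapped.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 -and   # skip ACEs that only apply to children
            $trustedSids -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    # PathName is either "C:\quoted path\svc.exe" args or C:\unquoted\svc.exe args
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        # A writable parent folder is as bad as a writable binary: the file can be swapped.
        foreach ($target in $exe, (Split-Path -Parent $exe)) {
            Get-WeakAce -Path $target |
                Select-Object @{ n = 'Service'; e = { $svc.Name } }, Path, Sid, Rights
        }
    }
}

$findings | Format-Table -AutoSize
```

Empty output means no service binary or folder was flagged. Any row naming a non-administrative principal matches the condition the overview describes and is worth re-checking after moving to the fixed version.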





### BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Europe
Company Headquarters Location: Switzerland




### MITIGATION

SpiderControl has produced a new version of the software (Version 2.02.0100) that can be found at the following link. A login is required to view the download.

http://spidercontrol.net/downloads-support/user-downloads/