SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
History

Tue, 29 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-08-02T22:26:07.157Z

Updated: 2024-10-29T17:48:43.098Z

Reserved: 2023-06-19T17:52:02.498Z

Link: CVE-2023-3329

cve-icon Vulnrichment

Updated: 2024-08-02T06:55:03.291Z

cve-icon NVD

Status : Modified

Published: 2023-08-02T23:15:10.547

Modified: 2024-11-21T08:17:01.620

Link: CVE-2023-3329

cve-icon Redhat

No data.