Vulnerability CVE-2017-12728


Published: 2017-10-04   Modified: 2017-10-05

Description:
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.

See advisories in our WLB2 database:
Topic: SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management (Med.)
Author: Karn Ganeshen
Date: 01.11.2017

Type: CWE-269 (Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software: Spidercontrol -> Scada web server

References:
http://www.securityfocus.com/bid/100668
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01

Copyright 2021, cxsecurity.com

 
