SpiderControl SCADA Web Server
Monitor5.3ICS-CERT ICSA-17-250-01Sep 7, 2017
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
SpiderControl SCADA Web Server version 2.02.0007 and prior contains an improper access control vulnerability. The flaw allows a local attacker with user-level privileges to gain elevated access to the web server, potentially modifying system settings or accessing sensitive operational data.
What this means
What could happen
An attacker with local access to the SCADA Web Server could escalate privileges and modify operational parameters or view sensitive configuration data, potentially disrupting monitoring and control of energy infrastructure.
Who's at risk
Energy utilities operating SpiderControl SCADA systems should assess their use of the SCADA Web Server component, particularly in organizations with remote or network-accessible SCADA environments. This affects monitoring and control systems used in power generation and distribution.
How it could be exploited
An attacker must first gain local access to the machine running SCADA Web Server (physical presence, compromised account, or remote code execution). Once local, they can exploit the improper access control vulnerability in the web server process to escalate privileges without additional user interaction.
Prerequisites
- <parameter name="item">Local access to the SCADA Web Server host machine
<parameter name="item">No patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
SCADA Web Server - SCADA Web ServerSCADA Web Server Version 2.02.0007 and priorNo fix (EOL)
Remediation & Mitigation
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability.
CVEs (1)
โโ Navigate ยท Esc Close
API:
/api/v1/advisories/a11e6eb7-383a-4471-8a66-68c15ba99bcd