SpiderControl SCADA WebServer
Monitor
6.1
ICS-CERT ICSA-18-338-02
Dec 4, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
SpiderControl SCADA WebServer versions prior to 2.03.0001 contain a stored or reflected cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in a victim's browser when the victim visits a malicious web page or clicks a crafted link to the WebServer.
What this means
What could happen
An attacker could inject malicious JavaScript that runs in the browser of SCADA operators accessing the WebServer, potentially allowing session hijacking, credential theft, or manipulation of displayed control commands without alerting the operator.
Who's at risk
Energy utilities operating SpiderControl SCADA WebServer for remote monitoring and control of generation, transmission, or distribution equipment. Affects any operator workstation or tablet used to access the web interface for system diagnostics or emergency operations.
How it could be exploited
An attacker crafts a malicious URL or web page containing a JavaScript payload and tricks an operator into clicking the link or visiting the page while logged into the SCADA WebServer. The injected script executes in the operator's browser with the same privileges as the authenticated session, enabling credential interception or unauthorized command execution.
Prerequisites
- Network access to the SCADA WebServer
- An authenticated operator must click a malicious link or visit a crafted web page
- User interaction required (cannot be exploited silently)
Tags: remotely exploitable · user interaction required · low complexity attack · affects control system visibility and command chain
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product          | Affected Versions | Fix Status
SCADA WebServer  | < 2.03.0001       | 2.03.0001
Remediation & Mitigation
Do now
WORKAROUND: Train operators not to click links from untrusted sources directing them to the SCADA WebServer
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade SpiderControl SCADA WebServer to version 2.03.0001 or later
Long-term hardening
HARDENING: Restrict web browser access to the SCADA WebServer to a trusted network segment or VPN
HARDENING: Implement HTTP headers (Content-Security-Policy, X-XSS-Protection) on the WebServer if configurable
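One way to apply the Content-Security-Policy and X-XSS-Protection hardening above when the WebServer itself cannot be configured to send them, as an added example that is not SpiderControl's code: a WSGI middleware for a reverse proxy placed in front of the server. The policy values, the HardeningMiddleware and run_once helpers, and the legacy_app stand-in are assumptions, not taken from the advisory.

```python
# Added example, not SpiderControl's code: a WSGI middleware that injects the
# hardening headers this advisory recommends, meant for a Python reverse proxy
# in front of a WebServer whose own configuration cannot set them.
# The policy values and the stand-in legacy_app below are assumptions.

# Assumed policy: scripts only from the WebServer's own origin, so an injected
# inline <script> or attacker-hosted script is refused by the browser. Verify
# it against the real UI first; legacy SCADA pages often rely on inline
# scripts and would then need nonce or hash sources rather than 'unsafe-inline'.
CSP_POLICY = (
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "base-uri 'self'; frame-ancestors 'none'"
)
HARDENING_HEADERS = [
    ("Content-Security-Policy", CSP_POLICY),
    # Named in the advisory; a legacy filter current browsers no longer honour,
    # so it only helps older operator workstations and is no substitute for CSP.
    ("X-XSS-Protection", "1; mode=block"),
]

def apply_hardening_headers(headers):
    """Return the headers with each hardening header present exactly once,
    replacing any weaker value the upstream server set."""
    managed = {name.lower() for name, _ in HARDENING_HEADERS}
    kept = [(n, v) for n, v in headers if n.lower() not in managed]
    return kept + HARDENING_HEADERS

class HardeningMiddleware:
    """Wraps any WSGI app and rewrites its response headers on the way out."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            return start_response(status, apply_hardening_headers(headers), exc_info)
        return self.app(environ, patched)

def legacy_app(environ, start_response):
    """Constructed stand-in for the unpatched WebServer: sets no CSP at all."""
    start_response("200 OK", [("Content-Type", "text/html"), ("X-XSS-Protection", "0")])
    return [b"<html><body>diagnostics</body></html>"]

def run_once(app, path="/"):
    """Drive a WSGI app for one GET and return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update(status=status, headers=headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body
```

Wrapping the upstream as `HardeningMiddleware(legacy_app)` yields responses that carry the CSP and X-XSS-Protection headers exactly once, with the upstream's weaker `X-XSS-Protection: 0` replaced.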
CVEs (1)