OTPulse

SpiderControl SCADAWebServer

Monitor · CVSS 4.9 · ICS-CERT ICSA-23-173-03 · Jun 23, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

SpiderControl SCADAWebServer versions 2.08 and earlier contain a directory traversal vulnerability (CWE-22) in the file upload feature. Successful exploitation results in a denial-of-service condition.

What this means
What could happen
An attacker with administrative credentials could upload malicious files or overwrite critical web server files, causing the SCADA web interface to become unavailable and preventing operators from remotely monitoring or controlling systems.
Who's at risk
Energy sector operators using SpiderControl SCADAWebServer for remote monitoring and control of SCADA systems. This affects any facility relying on the web-based interface for system visibility or control operations.
How it could be exploited
An attacker with administrative access to the SCADAWebServer web interface uses the file upload feature to perform a directory traversal attack (e.g., uploading to ../../../ paths) to write files outside the intended upload directory, overwriting or corrupting the web server's HTML or configuration files to trigger a denial-of-service.
Prerequisites
  • Administrative credentials for SCADAWebServer web interface
  • Network access to the web server port
  • File upload feature enabled on the target device
  • requires administrative authentication
  • affects SCADA web interface availability
  • no vendor patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: SCADAWebServer · Affected Versions: ≤ 2.08 · Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable the file upload feature by setting file_upload_en to 0 in C:\www\ZelsWebServ.xml
HARDENING: Restrict administrative access to the SCADAWebServer web interface using network firewall rules; allow access only from trusted engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor for requests to the file upload endpoint and for directory traversal patterns (../ sequences) in web server logs
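As an added example (not part of the OTPulse advisory or the vendor's tooling), the log check described above in Python: it parses combined-format access log lines, percent-decodes each request target repeatedly so encoded (`%2e%2e%2f`) and double-encoded (`%252e`) `..` sequences are caught, and flags traversal attempts aimed at the upload feature. The sample log lines and the `/upload` endpoint path are constructed assumptions; the advisory does not name the real endpoint, so adjust `upload_marker` to the path your server actually logs.

```python
import re
from urllib.parse import unquote

# Constructed sample access log lines in combined log format (not real
# SCADAWebServer output); the /upload endpoint path is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - admin [23/Jun/2023:10:01:02 +0000] "POST /upload?name=report.html HTTP/1.1" 200 512
10.0.0.9 - admin [23/Jun/2023:10:01:07 +0000] "POST /upload?name=../../../www/index.html HTTP/1.1" 200 512
10.0.0.9 - admin [23/Jun/2023:10:01:09 +0000] "POST /upload?name=..%2F..%2Fconfig.xml HTTP/1.1" 200 512
10.0.0.9 - admin [23/Jun/2023:10:01:11 +0000] "POST /upload?name=%252e%252e%252fweb.cfg HTTP/1.1" 200 512
10.0.0.7 - - [23/Jun/2023:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A ".." path segment that is not part of a longer name such as "file..txt".
TRAVERSAL_RE = re.compile(r'(?<![\w.])\.\.(?:/|$)')


def normalize(target: str) -> str:
    """Percent-decode until stable (max 3 passes, which catches %252e double
    encoding) and fold backslashes to '/' so one regex covers both forms."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def find_traversal_requests(log_text: str, upload_marker: str = "/upload") -> list:
    """Return one record per log line whose decoded request target contains a
    traversal sequence; 'upload_endpoint' marks hits on the upload feature."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access log entries
        normalized = normalize(m["target"])
        if TRAVERSAL_RE.search(normalized):
            hits.append({
                "ip": m["ip"], "user": m["user"], "status": m["status"],
                "raw_target": m["target"], "normalized": normalized,
                "upload_endpoint": normalized.lower().startswith(upload_marker),
            })
    return hits
```

Run `find_traversal_requests(SAMPLE_LOG)` to see the three flagged requests from 10.0.0.9; a 200 status on a flagged upload is the combination worth alerting on, since the server accepted the write.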