OTPulse

TEL-STER TelWin SCADA WebInterface

Monitor | 7.5 | ICS-CERT ICSA-23-215-03 | Aug 3, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The TelWin SCADA WebInterface contains a file disclosure vulnerability that allows an unauthenticated attacker to read arbitrary files on the system. Affected versions include WebInterface 3.2–6.0, 7.0, 8.0, and 9.0. The vulnerability is exploitable remotely with low complexity and does not require authentication. No known public exploits currently target this issue.

What this means
What could happen
An unauthenticated attacker with network access to the WebInterface could read sensitive files on the SCADA system without credentials, potentially exposing configuration data, credentials, or process information.
Who's at risk
Energy sector organizations using TelWin SCADA systems with vulnerable WebInterface versions (3.2–6.0, 7.0, 8.0, and 9.0) should prioritize this issue. The WebInterface is a critical point of network exposure if it is reachable from untrusted networks or if the system is accessible from the internet.
How it could be exploited
An attacker on the network sends crafted requests to the TelWin SCADA WebInterface service (default or exposed on the network). Because no authentication is required and the vulnerability has low attack complexity, the attacker can retrieve arbitrary files from the system and view their contents.
Prerequisites
  • Network access to the TelWin SCADA WebInterface service (typically port 80/443)
  • No authentication credentials required
  • System must be running affected WebInterface versions

  • Remotely exploitable
  • No authentication required
  • Low attack complexity
  • No patch available for versions below 6.0
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 pending
Product                                      Affected Versions    Fix Status
TelWin SCADA WebInterface: >= 3.2 | < 6.1    ≥ 3.2 | < 6.1        No fix yet
TelWin SCADA WebInterface: >= 7.0 | < 7.1    ≥ 7.0 | < 7.1        No fix yet
TelWin SCADA WebInterface: 8.0 | 9.0         8.0 | 9.0            No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the WebInterface service using firewall rules; block inbound connections from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TelWin SCADA WebInterface module to version 6.2, 7.2, 8.1, 9.1, or 10.0
Long-term hardening
HARDENING: If remote access is required, implement a VPN with strong authentication and keep it updated to the latest version
HARDENING: Isolate the SCADA network from the business network using network segmentation