iniNet Solutions SpiderControl SCADA Web Server

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-24-254-02 | Sep 10, 2024
Sector: Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

iniNet Solutions SpiderControl SCADA Web Server versions 2.09 and earlier contain a file upload vulnerability (CWE-434) that allows an unauthenticated attacker with network access to upload arbitrary files or bypass authentication, potentially leading to unauthorized access or code execution on the SCADA server. The vulnerability is fixed in version 3.2.2. The vendor recommends deploying the web server only in protected environments behind firewalls and not directly on the internet; remote access should use secure methods such as VPNs.

What this means
What could happen
An attacker could log in to the SpiderControl web server or run arbitrary code on it, potentially allowing them to modify control system settings, alter process parameters, or disrupt normal operations at energy facilities.
Who's at risk
Energy sector organizations (utilities, power generation facilities, substations) that deploy iniNet Solutions SpiderControl SCADA Web Server for monitoring and control. Any site running version 2.09 or earlier is at risk, especially if the web server is accessible from untrusted networks or the internet.
How it could be exploited
An attacker with network access to the SpiderControl web server (typically port 80 or 443) can exploit the vulnerability without authentication to upload malicious files or bypass login controls. If the web server is exposed to the internet or reachable from an untrusted network, exploitation can be attempted remotely.
Prerequisites
  • Network access to the SpiderControl SCADA web server (HTTP/HTTPS ports)
  • No authentication required
  • Affected version 2.09 or earlier deployed and reachable from attacker's network
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (7.5), affects SCADA/control system, file upload vulnerability (CWE-434)
Exploitability
Some exploitation risk — EPSS score 4.5%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
SpiderControl SCADA Web Server | ≤ v2.09 | 3.2.2
Remediation & Mitigation
Do now
WORKAROUND: Implement a firewall rule to restrict inbound HTTP/HTTPS access to the SpiderControl web server to trusted management networks only; block direct internet access.
HARDENING: Ensure the SpiderControl SCADA Server is not directly accessible from the internet; if remote access is required, deploy it behind a VPN or jump server.
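The workaround above only helps if the firewall rule actually holds, so a useful follow-up is to audit the web server's access log for requests that should never have arrived. The script below is an added example written for this advisory, not code from OTPulse, iniNet Solutions or the SpiderControl product. It assumes the SCADA web server (or a reverse proxy in front of it) writes combined-format access logs, and it uses constructed trusted management ranges (10.10.20.0/24, 192.168.100.0/24) and constructed sample log lines; the request paths and client addresses in the sample are invented for illustration and are not the product's real endpoints. Any write request (POST/PUT) that the server accepted from an untrusted source is reported as HIGH, since that is the shape an unauthenticated file upload would take; any other request from an untrusted source is reported as MEDIUM, because its mere presence shows the network restriction is not in place.

```python
"""Audit SpiderControl web server access logs for traffic that violates the
"trusted management networks only" firewall workaround.

Added example for this advisory; not part of OTPulse or the vendor's software.
Assumptions (not from the advisory): combined-format access logs and the
trusted management ranges listed in TRUSTED_NETWORKS. Adjust both to your site.
"""
import ipaddress
import re
from dataclasses import dataclass

# Combined log format:
# client - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed trusted management ranges (assumption, not from the advisory).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.10.20.0/24"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Methods that carry a request body and therefore can carry a file upload.
UPLOAD_METHODS = {"POST", "PUT"}


@dataclass
class Finding:
    severity: str
    src: str
    method: str
    path: str
    status: int
    reason: str


def is_trusted(src: str, trusted=TRUSTED_NETWORKS) -> bool:
    """True only for a parseable IP address inside one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage never count as trusted
    return any(addr in net for net in trusted)


def audit_access_log(lines, trusted=TRUSTED_NETWORKS):
    """Return findings for requests the firewall workaround should have blocked.

    HIGH:   accepted (2xx/3xx) POST/PUT from an untrusted source, the shape an
            unauthenticated file upload would take.
    MEDIUM: any other request from an untrusted source; the restriction to
            trusted management networks is not (fully) in place.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production tool would count these
        src, method, path = m["src"], m["method"], m["path"]
        status = int(m["status"])
        if is_trusted(src, trusted):
            continue
        if method in UPLOAD_METHODS and 200 <= status < 400:
            findings.append(Finding("HIGH", src, method, path, status,
                                    "accepted write request from untrusted network "
                                    "(possible unauthenticated upload)"))
        else:
            findings.append(Finding("MEDIUM", src, method, path, status,
                                    "request from untrusted network reached the SCADA web server"))
    return findings


# Constructed sample log lines; addresses and paths are invented for illustration.
SAMPLE_LOG = [
    '10.10.20.15 - operator [10/Sep/2024:08:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.10.20.15 - operator [10/Sep/2024:08:01:09 +0000] "POST /upload HTTP/1.1" 200 210 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [10/Sep/2024:08:02:44 +0000] "GET /login.html HTTP/1.1" 200 1840 "-" "curl/8.4.0"',
    '203.0.113.77 - - [10/Sep/2024:08:02:51 +0000] "POST /upload HTTP/1.1" 200 210 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Sep/2024:08:03:10 +0000] "POST /upload HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in audit_access_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.src:15} {f.method:4} {f.path:12} {f.status} {f.reason}")
```

Run it against the real access log instead of SAMPLE_LOG once the firewall rule is deployed: an empty result is the evidence that the workaround is effective, and any MEDIUM finding is a firewall gap to close before looking at the HIGH ones.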
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SpiderControl SCADA Server to version 3.2.2 or later.
Long-term hardening
HARDENING: Segment the control system network from the business network to prevent lateral movement if the web server is compromised.