iniNet Solutions SpiderControl SCADA PC HMI Editor
ICS-CERT ICSA-24-298-02 · Oct 24, 2024
Attack Vector: Network
Auth Required: Low (valid user credentials)
Complexity: Low
User Interaction: Required
Summary
Path traversal vulnerability in SpiderControl SCADA PC HMI Editor versions up to and including 8.10.00.00 allows an authenticated attacker to write or modify files outside the directories the editor is meant to use. Successful exploitation could give the attacker remote control of the SCADA device and the industrial processes connected to it. The vulnerability is triggered when a user saves a malicious project file created in the vulnerable editor and deploys it to the SCADA PC.
What this means
What could happen
An attacker with valid engineering credentials could manipulate the HMI Editor to gain remote control of the SpiderControl SCADA system, potentially altering process parameters, stopping operations, or disrupting energy and manufacturing processes.
Who's at risk
Engineering teams and SCADA operators at energy utilities and manufacturing plants that use SpiderControl SCADA PC HMI Editor. This affects anyone responsible for configuring or deploying SCADA control logic and HMI interfaces, particularly in electric generation, distribution, and industrial automation environments.
How it could be exploited
An attacker with valid engineering workstation credentials could use the path traversal vulnerability in the HMI Editor to place attacker-controlled code or configuration files outside the project's intended directories. Once the modified project is saved and deployed to the SCADA PC, those files are written to the target locations and the attacker gains remote code execution on the control system.
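The deployment step is where the traversal lands: the editor trusts the file paths carried inside the project when it writes them out to the SCADA PC. As an added example (not iniNet's or the HMI Editor's own code; the manifest layout, the entry names and the deploy root are all assumed for illustration), a deploy-side guard in Python that canonicalizes each project entry and refuses any that would resolve outside the deployment directory, covering the backslash, drive-letter and NUL-byte variants an attacker-edited project might use:

```python
"""
Added example, not iniNet's or the HMI Editor's own code: a deploy-side
guard that refuses project-file entries whose resolved path would land
outside the deployment directory. The manifest layout, the entry names and
the deploy root are constructed for illustration; the real SpiderControl
project format is not known to this example.
"""
import os
import posixpath
from typing import Dict, List, Tuple


def normalize_entry(entry: str) -> str:
    """Bring a manifest path into one canonical, forward-slash form."""
    if "\x00" in entry:
        # Several file APIs truncate at NUL, which lets "safe.html\x00../x"
        # pass a naive name check and still write elsewhere.
        raise ValueError("NUL byte in path")
    rel = entry.replace("\\", "/")          # editor runs on Windows; accept both
    if len(rel) >= 2 and rel[0].isalpha() and rel[1] == ":":
        rel = rel[2:]                       # drop a drive letter such as "C:"
    if not rel or posixpath.isabs(rel):     # "", "/etc/x" or UNC "//srv/share"
        raise ValueError(f"absolute or empty path not allowed: {entry!r}")
    return rel


def resolve_inside(root: str, entry: str) -> str:
    """Return the absolute destination for `entry`, or raise ValueError when
    it escapes `root` after '.'/'..' collapsing and symlink resolution."""
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, normalize_entry(entry)))
    # realpath has already collapsed ".." and followed any symlink that
    # exists under root, so one prefix comparison decides the question.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError(f"path escapes deploy root: {entry!r}")
    return candidate


def check_project(root: str, entries: List[str]) -> Tuple[List[str], Dict[str, str]]:
    """Split manifest entries into accepted names and rejected name -> reason."""
    accepted: List[str] = []
    rejected: Dict[str, str] = {}
    for entry in entries:
        try:
            resolve_inside(root, entry)
            accepted.append(entry)
        except ValueError as exc:
            rejected[entry] = str(exc)
    return accepted, rejected


# Constructed sample manifest: two legitimate HMI files plus traversal
# payloads in the forms an attacker-edited project might carry.
SAMPLE_ROOT = "/srv/spidercontrol/deploy"
SAMPLE_MANIFEST = [
    "hmi/pages/main.html",
    "hmi/./pages/../config.xml",
    "../../etc/cron.d/backdoor",
    "..\\..\\Windows\\System32\\drivers\\etc\\hosts",
    "C:\\Windows\\Temp\\payload.exe",
    "hmi/pages/main.html\x00../../escape",
]

if __name__ == "__main__":
    ok, bad = check_project(SAMPLE_ROOT, SAMPLE_MANIFEST)
    for name in ok:
        print("ACCEPT", name, "->", resolve_inside(SAMPLE_ROOT, name))
    for name, why in bad.items():
        print("REJECT", repr(name), "-", why)
```

The same check belongs at every point where a project entry is turned into a write on the SCADA PC. A blacklist of the literal string ".." misses the backslash and drive-letter forms above, which is why the guard compares the canonical path prefix instead of inspecting the name.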
Prerequisites
- Valid engineering workstation credentials for SpiderControl HMI Editor
- Network access to the HMI Editor application
- User action required: the victim must save and deploy the modified project to the SCADA PC
- Requires valid engineering credentials (not unauthenticated)
- Requires user interaction (victim must deploy the modified project)
- Low complexity attack once credentials are obtained
- High impact: remote code execution on control systems
- Affects critical infrastructure (energy, manufacturing)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: SpiderControl SCADA PC HMI Editor
Affected Versions: up to and including 8.10.00.00
Fix Status: fixed in 8.24.00.00
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to HMI Editor workstations; do not expose them directly to the internet.
- WORKAROUND: If remote access to the HMI Editor is required, use a VPN kept current with security patches and require multi-factor authentication.
- HARDENING: Enforce strong access control; limit HMI Editor credentials to authorized engineering personnel only.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Update SpiderControl SCADA PC HMI Editor to version 8.24.00.00 or later.
Long-term hardening
- HARDENING: Isolate SpiderControl SCADA networks from business networks using firewalls and network segmentation.
CVEs (1)