CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12707 – SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12707
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. Se ha descubierto un problema de desbordamiento de búfer basado en pila en SpiderControl SCADA MicroBrowser en su versión 1.6.30.144 y anteriores. Abrir un archivo html manipulado maliciosamente podría provocar un desbordamiento de la pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. • http://www.securityfocus.com/bid/100453 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-12694 – SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-12694
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. Se ha descubierto un problema de salto de directorio en SpiderControl SCADA Web Server. Un atacante podría ser capaz de emplear una petición GET para realizar un salto de directorio en archivos de sistema. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. • http://www.securityfocus.com/bid/100456 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •