
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Sep 2024 — SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Aug 2023 — SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2018 — Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. • http://www.securityfocus.com/bid/106105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

26 Apr 2018 — In SpiderControl MicroBrowser Windows XP, Vista, 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. • http://spidercontrol.net/download/downloadarea/?lang=en • CWE-427: Uncontrolled Search Path Element •

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

04 Oct 2017 — An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. An improper authentication issue was discovered in iniNet Solutions iniNet Webserver in all versions prior to V2.02.0111. The web server does not properly authenticate users, which could allow ... • http://www.securityfocus.com/bid/100951 • CWE-287: Improper Authentication •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2017 — An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services. • https://packetstorm.news/files/id/144817 • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

23 Aug 2017 — A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SC... • http://www.securityfocus.com/bid/100456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Aug 2017 — A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable in... • http://www.securityfocus.com/bid/100453 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow •