CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8232 – iniNet Solutions SpiderControl SCADA Web Server Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2024-8232
10 Sep 2024 — SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18991
https://notcve.org/view.php?id=CVE-2018-18991
04 Dec 2018 — Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. Cross-Site Scripting (XSS) reflejado (no persistente) en SCADA WebServer (versiones anteriores a la 2.03.0001) podría permitir que un atacante envíe una URL manipulada que contiene JavaScript, que puede reflejarse desde la aplicación web hasta el navegador de la víctima. • http://www.securityfocus.com/bid/106105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12728 – SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
https://notcve.org/view.php?id=CVE-2017-12728
04 Oct 2017 — An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services. Se ha descubierto un problema de gestión incorrecta de privilegios en SpiderControl SCADA Web Server en versiones 2.02.0007 y anteriores. Los usuarios locales autenticados y no a... • https://packetstorm.news/files/id/144817 • CWE-269: Improper Privilege Management •