Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by iniNet Solutions
CVE-2024-10313 (GCVE-0-2024-10313)
Vulnerability from cvelistv5 – Published: 2024-10-24 17:41 – Updated: 2024-10-24 18:29
VLAI?
Title
iniNet Solutions SpiderControl SCADA PC HMI Editor Path Traversal
Summary
iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal
vulnerability. When the software loads a malicious ‘ems' project
template file constructed by an attacker, it can write files to
arbitrary directories. This can lead to overwriting system files,
causing system paralysis, or writing to startup items, resulting in
remote control.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iniNet Solutions | SpiderControl SCADA PC HMI Editor |
Affected:
8.10.00.00
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spidercontrol:scada_pc_hmi_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "scada_pc_hmi_editor",
"vendor": "spidercontrol",
"versions": [
{
"status": "affected",
"version": "8.10.00.00"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:23:13.626806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:29:45.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpiderControl SCADA PC HMI Editor",
"vendor": "iniNet Solutions",
"versions": [
{
"status": "affected",
"version": "8.10.00.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "elcazator from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc. reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal \nvulnerability. When the software loads a malicious \u2018ems\u0027 project \ntemplate file constructed by an attacker, it can write files to \narbitrary directories. This can lead to overwriting system files, \ncausing system paralysis, or writing to startup items, resulting in \nremote control."
}
],
"value": "iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal \nvulnerability. When the software loads a malicious \u2018ems\u0027 project \ntemplate file constructed by an attacker, it can write files to \narbitrary directories. This can lead to overwriting system files, \ncausing system paralysis, or writing to startup items, resulting in \nremote control."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:41:56.069Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "iniNet Solutions recommends that users update SpiderControl SCADA PC HMI Editor to version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://spidercontrol.net/download/download-area-2/?lang=en#editor\"\u003e8.24.00.00\u003c/a\u003e to mitigate this vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "iniNet Solutions recommends that users update SpiderControl SCADA PC HMI Editor to version 8.24.00.00 https://spidercontrol.net/download/download-area-2/ to mitigate this vulnerability."
}
],
"source": {
"advisory": "ICSA-24-298-02",
"discovery": "EXTERNAL"
},
"title": "iniNet Solutions SpiderControl SCADA PC HMI Editor Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-10313",
"datePublished": "2024-10-24T17:41:56.069Z",
"dateReserved": "2024-10-23T18:25:15.297Z",
"dateUpdated": "2024-10-24T18:29:45.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}