Vulnerability-Lookup

GHSA-CHR6-5733-MH8R

Vulnerability from github – Published: 2023-08-03 21:30 – Updated: 2024-04-04 06:32

Details

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T19:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nExternal input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.\n\n",
  "id": "GHSA-chr6-5733-mh8r",
  "modified": "2024-04-04T06:32:15Z",
  "published": "2023-08-03T21:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0956"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2023/07/CVE-2023-0956"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03"
    },
    {
      "type": "WEB",
      "url": "https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-0956 (GCVE-0-2023-0956)

Vulnerability from cvelistv5 – Published: 2023-08-03 18:08 – Updated: 2025-01-16 21:31

Title

TEL-STER TelWin SCADA WebInterface Path Traversal

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

cwe-35 Path Traversal

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	https://www.tel-ster.pl/index.php/telwin-scada/no…
	https://cert.pl/posts/2023/07/CVE-2023-0956/

Impacted products

	Vendor	Product	Version
	TEL-STER	TelWin SCADA WebInterface	Affected: 3.2 , ≤ 6.1 (custom) Affected: 7.0 , ≤ 7.1 (custom) Affected: 8.0 , ≤ 9.0 (custom)

Credits

Marcin Dudek of CERT.PL reported this vulnerability to TEL-STER.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:46.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.pl/posts/2023/07/CVE-2023-0956/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:20:48.250297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:31:03.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "TelWin SCADA WebInterface",
          "vendor": "TEL-STER",
          "versions": [
            {
              "lessThanOrEqual": "6.1",
              "status": "affected",
              "version": "3.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Marcin Dudek of CERT.PL reported this vulnerability to TEL-STER."
        }
      ],
      "datePublic": "2023-08-03T18:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExternal input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nExternal input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "cwe-35 Path Traversal",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-03T18:08:13.924Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03"
        },
        {
          "url": "https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956"
        },
        {
          "url": "https://cert.pl/posts/2023/07/CVE-2023-0956/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eTEL-STER recommends that users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tel-ster.pl/index.php/en/telwin-scada-eng/news-telwin-eng\"\u003eupdate WebInterface module\u003c/a\u003e\u0026nbsp;to one of the following versions: 6.2, 7.2, 8.1, 9.1, or 10.0. Please note that the WebInterface is part of the TelWin SCADA software and is usually updated with the software. TEL-STER only currently supports and updates TelWin SCADA 7.8 (WebInteraface 6.x) upwards TEL-STER does not have any updates planned for versions using older vulnerable WebInterface (lower than 6.0), and users are recommended to update TelWin SCADA to one of the supported versions. For more information, please contact TEL-STER.\u003c/p\u003e\u003cp\u003eMore information about this issue and the associated mitigation can be found at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956\"\u003eTEL-STER advisory\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert.pl/posts/2023/07/CVE-2023-0956/\"\u003eCERT.PL advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTEL-STER recommends that users  update WebInterface module https://www.tel-ster.pl/index.php/en/telwin-scada-eng/news-telwin-eng \u00a0to one of the following versions: 6.2, 7.2, 8.1, 9.1, or 10.0. Please note that the WebInterface is part of the TelWin SCADA software and is usually updated with the software. TEL-STER only currently supports and updates TelWin SCADA 7.8 (WebInteraface 6.x) upwards TEL-STER does not have any updates planned for versions using older vulnerable WebInterface (lower than 6.0), and users are recommended to update TelWin SCADA to one of the supported versions. For more information, please contact TEL-STER.\n\nMore information about this issue and the associated mitigation can be found at  TEL-STER advisory https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956 \u00a0or  CERT.PL advisory https://cert.pl/posts/2023/07/CVE-2023-0956/ .\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "TEL-STER TelWin SCADA WebInterface Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-0956",
    "datePublished": "2023-08-03T18:08:13.924Z",
    "dateReserved": "2023-02-22T16:00:49.434Z",
    "dateUpdated": "2025-01-16T21:31:03.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-CHR6-5733-MH8R

CVE-2023-0956 (GCVE-0-2023-0956)

Tags

Sightings

Nomenclature