CVE-2017-12728

Name of the Vulnerable Software and Affected Versions SpiderControl SCADA Web Server versions 2.02.0007 and prior

Description An issue with improper privilege management was found, allowing authenticated, non-administrative local users to modify service executables with elevated privileges. This could enable an attacker to execute arbitrary code in the context of the current system services.

Recommendations For SpiderControl SCADA Web Server versions 2.02.0007 and prior, consider restricting access to service executables to prevent modification with escalated privileges until a patch is available. As a temporary workaround, limit the privileges of non-administrative local users to minimize the risk of exploitation.