PT-2023-3381 · Unknown · Smartptt Scada
Toxich4 · Published 2023-04-14 · Updated 2023-04-25 · CVE-2023-30459
| CVSS v2.0 | 8.3 (High) |
|---|---|
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SmartPTT SCADA version 1.1.0.0
Description
An attacker with administrator privileges can achieve remote code execution by writing a malicious C# script and executing it on the server. This is done through the server settings in the administrator control panel, which listens on port 8101 by default. The vulnerability is related to authorization errors in the Setting Handler component of the scada-server.
Recommendations
For SmartPTT SCADA version 1.1.0.0, consider disabling the administrator control panel or restricting access to it until a patch is available. As a temporary workaround, avoid using the server settings to execute scripts on the server. Restrict access to port 8101 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improperly Implemented Security Check for Standard
Incorrect Authorization
Related Identifiers
Affected Products
Smartptt Scada