PT-2023-4280 · Tel Ster · Tel-Ster Telwin Scada Webinterface

Marcin Dudek

Publicado

2023-08-03

Atualizado

2023-08-08

CVE-2023-0956

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions TEL-STER TelWin SCADA WebInterface (affected versions not specified)

Description The issue is related to the TEL-STER TelWin SCADA WebInterface, where external input could be used to construct paths to files and directories without properly neutralizing special elements within the pathname. This could allow an unauthenticated attacker to read files on the system. The vulnerability is associated with incorrect restriction of the directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2023-04598

CVE-2023-0956

Produtos afetados

Tel-Ster Telwin Scada Webinterface

PT-2023-4280 · Tel Ster · Tel-Ster Telwin Scada Webinterface

CVE-2023-0956

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9