CVE-2023-3329

Name of the Vulnerable Software and Affected Versions SpiderControl SCADA Webserver versions 2.08 and prior

Description The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to cause a denial-of-service condition. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature, potentially creating size zero files anywhere on the webserver and overwriting system files.

Recommendations For SpiderControl SCADA Webserver versions 2.08 and prior, consider restricting access to the upload file feature in the HMI until a patch is available. As a temporary workaround, limit the privileges of administrative users to minimize the risk of exploitation. Additionally, monitor the webserver for any suspicious activity, such as the creation of size zero files, to quickly identify potential security incidents.