PT-2023-4280 · Tel Ster · Tel-Ster Telwin Scada Webinterface

Marcin Dudek

Published

2023-08-03

Updated

2023-08-08

CVE-2023-0956

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions TEL-STER TelWin SCADA WebInterface (affected versions not specified)

Description The issue is related to the TEL-STER TelWin SCADA WebInterface, where external input could be used to construct paths to files and directories without properly neutralizing special elements within the pathname. This could allow an unauthenticated attacker to read files on the system. The vulnerability is associated with incorrect restriction of the directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2023-04598

CVE-2023-0956

Affected Products

Tel-Ster Telwin Scada Webinterface

PT-2023-4280 · Tel Ster · Tel-Ster Telwin Scada Webinterface

CVE-2023-0956

Weakness Enumeration

Related Identifiers

Affected Products

References · 9