PT-2024-16180 · Ininet Solutions · Ininet Solutions Spidercontrol Scada Pc Hmi Editor

Elcazator

Published

2024-10-24

Updated

2024-11-10

CVE-2024-10313

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iniNet Solutions SpiderControl SCADA PC HMI Editor (affected versions not specified)

Description The issue is related to a path traversal vulnerability. When the software loads a malicious ems project template file created by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-10313

Affected Products

Ininet Solutions Spidercontrol Scada Pc Hmi Editor

CVE-2024-10313

Weakness Enumeration

Related Identifiers

Affected Products

References · 7