Details of VAR-202308-0261

ID

VAR-202308-0261

CVE

CVE-2023-3329

TITLE

iniNet Solutions GmbH Made SpiderControl SCADA server Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002215

DESCRIPTION

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. iniNet Solutions GmbH Provided by SpiderControl SCADA server The following vulnerabilities exist in. It was * by a user with administrator privileges Web Files on the server are overwritten and denial of service ( DoS ) state is triggered

Trust: 1.71

sources: NVD: CVE-2023-3329 // JVNDB: JVNDB-2023-002215 // VULMON: CVE-2023-3329

AFFECTED PRODUCTS

vendor:	spidercontrol	model:	scadawebserver	scope:	lte	version:	2.08	Trust: 1.0
vendor:	ininet	model:	scada web server	scope:	lte	version:	2.08 and earlier	Trust: 0.8
vendor:	ininet	model:	scada web server	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002215 // NVD: CVE-2023-3329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-3329
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-3329
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-3329
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-3329
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002215 // NVD: CVE-2023-3329

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002215 // NVD: CVE-2023-3329

PATCH

title:

Download Area

url:

https://spidercontrol.net/download/downloadbereich-neu/#scadaserver

Trust: 0.8

sources: JVNDB: JVNDB-2023-002215

EXTERNAL IDS

db:	NVD	id:	CVE-2023-3329	Trust: 2.7
db:	ICS CERT	id:	ICSA-23-173-03	Trust: 1.9
db:	JVN	id:	JVNVU94326169	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002215	Trust: 0.8
db:	VULMON	id:	CVE-2023-3329	Trust: 0.1

sources: VULMON: CVE-2023-3329 // JVNDB: JVNDB-2023-002215 // NVD: CVE-2023-3329

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03	Trust: 1.9
url:	http://jvn.jp/vu/jvnvu94326169/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3329	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-3329 // JVNDB: JVNDB-2023-002215 // NVD: CVE-2023-3329

SOURCES

db:	VULMON	id:	CVE-2023-3329
db:	JVNDB	id:	JVNDB-2023-002215
db:	NVD	id:	CVE-2023-3329

LAST UPDATE DATE

2024-10-30T23:40:00.450000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-3329	date:	2023-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002215	date:	2024-04-11T08:16:00
db:	NVD	id:	CVE-2023-3329	date:	2024-10-29T18:35:02.750

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-3329	date:	2023-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-002215	date:	2023-06-26T00:00:00
db:	NVD	id:	CVE-2023-3329	date:	2023-08-02T23:15:10.547