CVE-2023-0956

Summary

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

Affected Software

VendorProductVersion RangeStatus
TEL-STERTelWin SCADA WebInterface3.2 <= 6.1affected
TEL-STERTelWin SCADA WebInterface7.0 <= 7.1affected
TEL-STERTelWin SCADA WebInterface8.0 <= 9.0affected

Weaknesses

  • cwe-35 Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References