CVE-2024-8232

Summary

SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.

Affected Software

VendorProductVersion RangeStatus
iniNet Solutions GmbHSpiderControl SCADA Web Server0 <= v2.09affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

Workarounds

IniNet Solutions reminds users that the webserver is designed to be used in a protected environment. IniNet Solutions GmbH recommends that users never connect control system software directly to the Internet. If a user must connect to the Internet, IniNet Solutions GmbH recommends using a managed infrastructure to do so.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References