CVE-2017-12728
Last modified
CVE-2017-12728 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Spidercontrol | Scada Webserver | <= 2.02.0007 |
References
- http://www.securityfocus.com/bid/100668Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/100668Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12728?
How severe is CVE-2017-12728?
How do I fix CVE-2017-12728?
Are you affected by CVE-2017-12728?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST