Overview
- Description
- iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- ics-cert@hq.dhs.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-10313
@transilienceai
8 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Warning: High path traversal vulnerability in iniNet Solutions SpiderControl SCADA PC HMI Editor. #CVE-2024-10313 CVSS: 8.0. Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device! #Patch #Patch #Patch https://t.co/wG3zxVstIS
@CCBalert
6 Nov 2024
137 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-10313
@transilienceai
5 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-10313 iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed b… https://t.co/W1P68sNdXt
@CVEnew
24 Oct 2024
279 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10313: HIGH] Warning: SpiderControl SCADA PC HMI Editor by iniNet Solutions is vulnerable to malicious 'ems' project template files. Attackers can exploit this to write files, leading to system compromise.#cybersecurity,#vulnerability https://t.co/vSHs4Hj5RR https://t.c
@CveFindCom
24 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes