CVE-2023-0956 HIGH

CVE-2023-0956: TEL-STER TelWin SCADA WebInterface Path Traversal

Vendor Tel-Ster
Product TelWin SCADA WebInterface
Published August 3, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

Key dates

02Disclosure timeline

August 3, 2023 CVE published
January 16, 2025 Record updated