CVE-2024-10313 HIGH

CVE-2024-10313: iniNet Solutions SpiderControl SCADA PC HMI Editor Path Traversal

Vendor Ininet Solutions
Product SpiderControl SCADA PC HMI Editor
Weakness CWE-22 · Path traversal
Published October 24, 2024
Last update October 24, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control.

Key dates

02Disclosure timeline

October 24, 2024 CVE published
October 24, 2024 Record updated