Vulnerability Description
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spidercontrol | Scada Webserver | <= 2.02.0007 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100668Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100668Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-12728?
CVE-2017-12728 is a vulnerability with a CVSS score of 7.8 (HIGH). An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables...
How severe is CVE-2017-12728?
CVE-2017-12728 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12728?
Check the references section above for vendor advisories and patch information. Affected products include: Spidercontrol Scada Webserver.