Vulnerability Description
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tel-Ster | Telwin Scada Webinterface | >= 3.2, < 6.2 |
Related Weaknesses (CWE)
References
- https://cert.pl/posts/2023/07/CVE-2023-0956/ (Third Party Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03 (Third Party Advisory, US Government Resource)
- https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnos (Vendor Advisory)
FAQ
What is CVE-2023-0956?
CVE-2023-0956 is a vulnerability with a CVSS score of 7.5 (HIGH). External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an...
How severe is CVE-2023-0956?
CVE-2023-0956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-0956?
Check the references section above for vendor advisories and patch information. Affected products include: Tel-Ster Telwin Scada Webinterface.