CVE-2023-3329 — MEDIUM (6.5)

Q: How severe is CVE-2023-3329?

CVE-2023-3329 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-3329?

Check the references section above for vendor advisories and patch information. Affected products include: Spidercontrol Scadawebserver.

Vulnerability Description

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Spidercontrol	Scadawebserver	<= 2.08

Related Weaknesses (CWE)

CWE-22

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03Third Party AdvisoryUS Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-3329?

CVE-2023-3329 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file fe...

How severe is CVE-2023-3329?

CVE-2023-3329 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3329?

Check the references section above for vendor advisories and patch information. Affected products include: Spidercontrol Scadawebserver.