Path Traversal Vulnerability Leads to System Paralysis or Remote Control
CVE-2024-10313
8 HIGH
What is CVE-2024-10313?
The iniNet Solutions SpiderControl SCADA PC HMI Editor is susceptible to a path traversal vulnerability that is triggered when the software processes a specially crafted 'ems' project template file. The crafted file lets an attacker control the file paths the application uses, so that the application writes files to arbitrary directories. This can overwrite critical system files, potentially leading to system paralysis, or modify startup items, which may facilitate unauthorized remote control of the system.
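The containment check that a loader of such template files needs, as an added example (not iniNet's code and not part of the advisory). The advisory does not describe the 'ems' format, so the example assumes a template supplies a list of relative entry names to write under a project directory; `resolve_entry`, `triage`, the directory and all entry names are hypothetical.

```python
from pathlib import PureWindowsPath

class UnsafeEntry(ValueError):
    """Entry name would be written outside the project directory."""

def resolve_entry(dest_root: str, entry_name: str) -> PureWindowsPath:
    """Return the write target for one template entry, or raise UnsafeEntry.

    PureWindowsPath applies Windows path rules without touching the disk,
    so the check gives the same answer on any operating system.
    """
    p = PureWindowsPath(entry_name)  # treats both '/' and '\\' as separators
    if p.drive or p.root:
        # C:\x, C:x (drive-relative), \x (rooted), \\host\share\x (UNC)
        raise UnsafeEntry("drive, root or UNC prefix")
    if ":" in entry_name:
        raise UnsafeEntry("colon in name")  # e.g. alternate data stream
    if not p.parts:
        raise UnsafeEntry("empty name")
    for part in p.parts:
        if part == "..":
            raise UnsafeEntry("parent-directory component")
        if part[-1] in " .":
            # Win32 normalisation drops some trailing dots and spaces, so
            # the name written could differ from the name checked.
            raise UnsafeEntry("component ends in dot or space")
    return PureWindowsPath(dest_root).joinpath(*p.parts)

def triage(dest_root, entry_names):
    """Split names into accepted targets and rejected (name, reason) pairs."""
    accepted, rejected = [], []
    for name in entry_names:
        try:
            accepted.append(str(resolve_entry(dest_root, name)))
        except UnsafeEntry as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected

# Constructed entry names for illustration; not taken from a real template.
SAMPLE = [
    "project/main.cfg", "images\\logo.png",
    "..\\..\\outside\\file.bin", "images/../../file.bin",
    "C:\\Windows\\win.ini", "C:relative.bin", "\\rooted\\file.bin",
    "\\\\host\\share\\file.bin", "notes.txt:stream", "dir\\.. \\file.bin",
]

if __name__ == "__main__":
    ok, bad = triage(r"C:\Projects\demo", SAMPLE)
    print("accepted:", *ok, sep="\n  ")
    print("rejected:", *(f"{n!r}: {why}" for n, why in bad), sep="\n  ")
```

Rejecting every `..` component outright is stricter than normalising the path and comparing prefixes; it also refuses names that would have resolved back inside the directory, which is the safer default for files received from untrusted sources.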
Affected Version(s)
SpiderControl SCADA PC HMI Editor 8.10.00.00
References
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
elcazator from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc. reported this vulnerability to CISA.