iniNet SpiderControl PLC Editor Simatic 6.30.04 Local Privilege Escalation

high Nessus Plugin ID 88414


The PLC editor application running on the remote host is affected by a local privilege escalation vulnerability.


According to its self-reported version, the iniNet SpiderControl PLC Editor Simatic application running on the remote host is version 6.30.04. It is, therefore, affected by a flaw due to setting insecure permissions on the installation directory and files. A local attacker can exploit this to replace files, resulting in an escalation of privileges.


No fix currently exists. Contact the vendor regarding a patch.

See Also

Plugin Details

Severity: High

ID: 88414

File Name: scada_ininet_spidercontrol_plc_editor_simatic_6_30_04.nbin

Version: 1.78

Type: local

Agent: windows

Family: SCADA

Published: 1/27/2016

Updated: 8/2/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability by tenable.


Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: x-cpe:/a:ininet_solutions:scada_plc_editor_simatic

Required KB Items: installed_sw/iniNet SpiderControl PLC Editor Simatic

Vulnerability Publication Date: 12/6/2015

Reference Information

EDB-ID: 38904