iniNet SpiderControl PLC Editor Simatic 6.30.04 Local Privilege Escalation

high Nessus Plugin ID 88414

Synopsis

The PLC editor application running on the remote host is affected by a local privilege escalation vulnerability.

Description

According to its self-reported version, the iniNet SpiderControl PLC Editor Simatic application running on the remote host is version 6.30.04. It is, therefore, affected by a flaw due to setting insecure permissions on the installation directory and files. A local attacker can exploit this to replace files, resulting in an escalation of privileges.

Solution

No fix currently exists. Contact the vendor regarding a patch.

See Also

http://www.nessus.org/u?f0d390ef

http://www.nessus.org/u?53f20aee

http://www.nessus.org/u?e775cd17

Plugin Details

Severity: High

ID: 88414

File Name: scada_ininet_spidercontrol_plc_editor_simatic_6_30_04.nbin

Version: 1.78

Type: local

Agent: windows

Family: SCADA

Published: 1/27/2016

Updated: 8/2/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability by tenable.

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: x-cpe:/a:ininet_solutions:scada_plc_editor_simatic

Required KB Items: installed_sw/iniNet SpiderControl PLC Editor Simatic

Vulnerability Publication Date: 12/6/2015

Reference Information

EDB-ID: 38904