iniNet SpiderControl SCADA Editor 6.30.01 Local Privilege Escalation

high Nessus Plugin ID 88415

Synopsis

The SCADA editor running on the remote host is affected by a local privilege escalation vulnerability.

Description

According to its self-reported version, the iniNet SpiderControl SCADA Editor application running on the remote host is version 6.30.01. It is, therefore, affected by a flaw due to setting insecure permissions on the installation directory and files. A local attacker can exploit this to replace files, resulting in an escalation of privileges.

Solution

No fix currently exists. Contact the vendor regarding a patch.

See Also

http://www.nessus.org/u?b0237a61

http://www.nessus.org/u?faa2a027

http://www.nessus.org/u?e775cd17

Plugin Details

Severity: High

ID: 88415

File Name: scada_ininet_spidercontrol_scada_editor_6_30_01.nbin

Version: 1.78

Type: local

Agent: windows

Family: SCADA

Published: 1/27/2016

Updated: 8/2/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability by tenable.

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: x-cpe:/a:ininet_solutions:scada_editor

Required KB Items: installed_sw/iniNet SpiderControl SCADA Editor

Vulnerability Publication Date: 12/6/2015