CVE-2017-12728
First published: Thu Oct 05 2017(Updated: )
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SpiderControl SCADA Web Server | <=2.02.0007 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12728?
CVE-2017-12728 has been rated as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2017-12728?
To fix CVE-2017-12728, upgrade to SpiderControl SCADA Web Server version 2.02.0008 or later.
Who is affected by CVE-2017-12728?
CVE-2017-12728 affects authenticated, non-administrative local users of SpiderControl SCADA Web Server version 2.02.0007 and prior.
What type of vulnerability is CVE-2017-12728?
CVE-2017-12728 is classified as an Improper Privilege Management vulnerability.
What can an attacker achieve using CVE-2017-12728?
An attacker can execute arbitrary code with escalated privileges by exploiting CVE-2017-12728.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/spidercontrol
- canonical/spidercontrol scada web server
- version/spidercontrol scada web server/2.02.0007