← Back to home
ICSA-17-264-04  ·  Published 2017-09-21  ·  View on CISA ICS-CERT ↗

iniNet Solutions GmbH SCADA Webserver

CVSS 10.0 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVEs (1)

Remediations

  • IniNet Solutions GmbH has released a new version of the SCADA Webserver, V2.02.0100, which allows users to implement basic authentication. It can be found at the following location (login required):
  • Instructions for implementing basic authentication can be found in the user manual for V2.02.0100.
  • IniNet Solutions GmbH reminds users that the webserver is designed to be used in a protected environment.
  • As a third-party software, the iniNet Webserver is used in many different vendors' products. Asset owners should determine if they are using a vulnerable version of the iniNet Webserver and follow the recommended practices below.
  • IniNet Solutions GmbH recommends that users never connect PLCs to the Internet. If a user must connect to the Internet, IniNet Solutions GmbH recommends using a managed infrastructure to do so.

Affected Vendors

iniNet Solutions GmbH

Affected Products (1)

iniNet Solutions GmbH · iniNet Webserver < 2.02.0100

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more