← Back to home
ICSA-23-173-03  ·  Published 2023-06-23  ·  View on CISA ICS-CERT ↗

SpiderControl SCADAWebServer

CVSS 4.9 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could result in a denial-of-service condition.

CVEs (1)

Remediations

  • SpiderControl recommends users update their systems to the latest version.
  • SpiderControl recommends users apply the following mitigations:
  • If doing development work on the device, after the development phase is finished, switch off the file upload feature. To do this, go to the file C:\www\ZelsWebServ.xml and set the property "file_upload_en" to 0 like so: <file_upload_en>0</file_upload_en> . This will mitigate the vulnerability in all older versions, and should also be done for the current version in order to prevent unwanted access to the Web-servers html file directory.

Affected Vendors

SpiderControl

Affected Products (1)

SpiderControl · SCADAWebServer <= 2.08

Affected Sectors

Critical Manufacturing, Commercial Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more