SpiderControl SCADA Web Server, a critical HMI program by iniNet Solutions GmbH, is vulnerable to an unauthenticated file upload flaw, tracked as CVE-2024-8232. This vulnerability allows attackers to upload specially crafted malicious files without requiring authentication, leading to a high risk of remote code execution. Versions of SpiderControl SCADA Web Server up to 2.09 are affected, and the flaw is rated with a CVSS v4 score of 8.7, highlighting the critical nature of the vulnerability. The affected systems are primarily deployed in critical manufacturing sectors worldwide, further increasing the potential for severe impact.
The vulnerability was reported by Elex CyberSecurity, Inc. to CERT/CC in early 2024. Successful exploitation could enable attackers to execute arbitrary code or gain unauthorized access to the affected systems. The issue stems from the unrestricted file upload functionality, which does not properly validate the type of file being uploaded. Consequently, this vulnerability could allow a malicious actor to inject harmful files into the system, potentially compromising its integrity and security.
To address this issue, iniNet Solutions released an updated version of the SpiderControl SCADA Web Server, version 3.2.2, which resolves the flaw. The company emphasizes that the server should be used in a protected environment and recommends not connecting control system software directly to the Internet. If remote access is necessary, the vendor advises using managed infrastructures and more secure methods, such as Virtual Private Networks (VPNs), to minimize the risk of exploitation. CISA also recommends additional measures to reduce the attack surface, such as ensuring that control systems are not exposed to the internet and employing firewalls.
CISA further advises organizations to follow industry best practices and conduct risk assessments before deploying defensive measures. They also encourage organizations to implement cybersecurity strategies to proactively defend industrial control systems (ICS). While no public exploitation of this vulnerability has been reported so far, CISA continues to track and monitor potential threats. Organizations are urged to upgrade their systems and adopt comprehensive cybersecurity defenses to protect against potential attacks targeting ICS infrastructure.
Reference:
