CVE-2017-12728 Vulnerability Details

  /     /     /  

CVE-2017-12728 Metadata Quick Info

CVE Published: 04/10/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: icscert | Vendor: n/a | Product: SpiderControl SCADA Web Server
Status : PUBLISHED

---

CVE-2017-12728 Description

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).