{"containers": {"cna": {"affected": [{"product": "SpiderControl SCADA Web Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "SpiderControl SCADA Web Server"}]}], "datePublic": "2017-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-08-26T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"}, {"name": "100456", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100456"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SpiderControl SCADA Web Server", "version": {"version_data": [{"version_value": "SpiderControl SCADA Web Server"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"}, {"name": "100456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100456"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.452Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"}, {"name": "100456", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100456"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12694", "datePublished": "2017-08-25T19:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.452Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spidercontrol:scada_web_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "7753D3FD-FE72-4CE3-8106-CB14722DCB05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files."}, {"lang": "es", "value": "Se ha descubierto un problema de salto de directorio en SpiderControl SCADA Web Server. Un atacante podr\u00eda ser capaz de emplear una petici\u00f3n GET para realizar un salto de directorio en archivos de sistema."}], "id": "CVE-2017-12694", "lastModified": "2019-10-09T23:23:09.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-25T19:29:00.177", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100456"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}