
iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions

Low
Advisory ID: ZSL-2015-5284
Release Date: 06 December 2015
Vendor: iniNet Solutions GmbH - http://www.spidercontrol.net
Affected Version: 6.30.04 (Build 6300400)
CVE: N/A
Tested On: Microsoft Windows 7 Professional SP1 (EN), Microsoft Windows 7 Ultimate SP1 (EN)
Summary

Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks.

Description

SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability: a low-privileged user can replace the service executable with a binary of their choice. The vulnerability exists because of improper permissions: the 'C' (Change) flag is granted to the 'Everyone' and 'Authenticated Users' groups, making the entire 'WWW' directory, its files and its sub-directories world-writable.
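The permission problem described above can be found with an ACL audit. The PowerShell script below is an added example, not part of the advisory or of the vendor's software; it assumes a placeholder install path and walks the directory tree, reporting Allow entries that give Everyone, Authenticated Users or other broad principals write-class rights (the 'Change'/'Modify' class of grant the advisory describes).

```powershell
# Added example, not from the advisory: audit a directory tree for ACEs that give
# broad principals write-class rights (the 'Change'/'Modify' grant described above).
# $Root is a placeholder; point it at the real service / WWW install directory.
param([string]$Root = 'C:\PLACEHOLDER\SpiderControl\WWW')

# Principals that effectively mean "any local account"
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users',
                     'BUILTIN\Users', 'NT AUTHORITY\INTERACTIVE')

# FileSystemRights bits that let a user create, replace or delete content or
# rewrite the ACL. icacls 'C'/'M' (Modify) and 'F' (Full) contain all of these.
$WriteMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000
#            WriteData AppendData DelSubdirs Delete  ChangePerms TakeOwnership
# Generic rights bits as they can appear on unresolved ACEs: GENERIC_ALL, GENERIC_WRITE
$GenericMask = 0x10000000 -bor 0x40000000

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs grant nothing
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if ((($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Walk the tree: the directory itself plus every file and sub-directory.
$targets = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
$findings = foreach ($item in $targets) { Get-WeakAce -Path $item.FullName }

if ($findings) {
    $findings | Format-Table -AutoSize
    # Remediation after review (elevated shell): remove the broad grant and let the
    # tree inherit from a correctly restricted parent, e.g.
    #   icacls "$Root" /remove:g "Everyone" "Authenticated Users" /T
} else {
    "No write-class ACEs for broad principals found under $Root"
}
```

Inherited entries in the output point at the directory where the grant was actually set, which is usually the install root rather than each individual file.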

Proof of Concept
Disclosure Timeline
22.10.2015 Vulnerability discovered.
11.11.2015 Vendor contacted.
11.11.2015 Vendor responds asking more details.
11.11.2015 Sent details to the vendor.
15.11.2015 Asked vendor for status update.
16.11.2015 Vendor states issues have no impact for customers because they use it in their protected environment.
06.12.2015 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
06.12.2015 Initial release
08.12.2015 Added reference [1], [2], [3] and [4]