CVE-2017-12728 : Security Advisory and Response

SpiderControl SCADA Web Server has a privilege management flaw that allows non-admin local users to modify service executables with higher privileges, potentially leading to code execution.

Understanding CVE-2017-12728

What is CVE-2017-12728?

A privilege management vulnerability in SpiderControl SCADA Web Server allows authenticated non-admin local users to alter service executables with escalated privileges, enabling potential code execution within system services.

The Impact of CVE-2017-12728

The vulnerability could be exploited by attackers to execute arbitrary code within the context of the current system services.

Technical Details of CVE-2017-12728

Vulnerability Description

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and earlier, allowing non-admin local users to modify service executables with escalated privileges.

Affected Systems and Versions

Product: SpiderControl SCADA Web Server
Versions affected: Version 2.02.0007 and prior

Exploitation Mechanism

Non-admin local users who are authenticated can modify service executables with higher privileges, potentially enabling an attacker to execute any code within the current system services.

Mitigation and Prevention

Immediate Steps to Take

Update SpiderControl SCADA Web Server to the latest version.
Restrict access to the vulnerable system to authorized personnel only.
Monitor system logs for any suspicious activities.

Long-Term Security Practices

Implement the principle of least privilege to restrict user access rights.
Conduct regular security audits and vulnerability assessments.
Educate users on safe computing practices and the importance of security awareness.

Patching and Updates

Apply security patches and updates provided by the vendor to address the privilege management vulnerability in SpiderControl SCADA Web Server.