iniNet SpiderControl PLC Editor Beckhoff 6.30.04 Local Privilege Escalation

high Nessus Plugin ID 88413

Synopsis

The PLC editor application running on the remote host is affected by a local privilege escalation vulnerability.

Description

According to its self-reported version, the iniNet SpiderControl PLC Editor Beckhoff application running on the remote host is version 6.30.04. It is, therefore, affected by a flaw due to setting insecure permissions on the installation directory and files. A local attacker can exploit this to replace files, resulting in an escalation of privileges.

Solution

No fix currently exists. Contact the vendor regarding a patch.

See Also

http://www.nessus.org/u?e775cd17

Plugin Details

Severity: High

ID: 88413

File Name: scada_ininet_spidercontrol_plc_editor_beckhoff_6_30_04.nbin

Version: 1.116

Type: local

Agent: windows

Family: SCADA

Published: 1/27/2016

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability by tenable.

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: x-cpe:/a:ininet_solutions:scada_plc_editor_beckhoff

Required KB Items: installed_sw/iniNet SpiderControl PLC Editor Beckhoff

Vulnerability Publication Date: 12/11/2015