CVE-2024-10313

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal 
vulnerability. When the software loads a malicious ems' project 
template file constructed by an attacker, it can write files to 
arbitrary directories. This can lead to overwriting system files, 
causing system paralysis, or writing to startup items, resulting in 
remote control.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
icscertCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02