IniNet EmbeddedWebServer Solutions SCADA Web Server Vulnerabilities
25 Nov. 2015
Summary
IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.
Vulnerable Systems:
* IniNet embeddedWebServer (aka eWebServer) before 2.02
Immune Systems:
* IniNet embeddedWebServer (aka eWebServer) after 2.02
IniNet Solutions GmbH s SCADA Web Server is a third-party software that is used in industrial control system devices. NCCIC/ICS-CERT is working with vendors to identify affected products that incorporate vulnerable versions of SCADA Web Server. ICS-CERT will update the advisory with additional affected products as more information becomes available.