MidnightBSD

Advisories for tel-ster

CVE-2023-0956

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
tel-ster telwin_scada_webinterface 8.0
tel-ster telwin_scada_webinterface *
tel-ster telwin_scada_webinterface 9.0