External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
References
Link | Resource |
---|---|
https://cert.pl/posts/2023/07/CVE-2023-0956/ | Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03 | Third Party Advisory US Government Resource |
https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-08-03T18:08:13.924Z
Updated: 2023-08-03T18:08:13.924Z
Reserved: 2023-02-22T16:00:49.434Z
Link: CVE-2023-0956
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-03T19:15:10.323
Modified: 2023-08-08T20:10:03.717
Link: CVE-2023-0956
JSON object: View
Redhat Information
No data.
CWE