CVE-2017-13995
published 2017-10-05

Priority: P260 critical
CVSS 3.0: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 2.47% (82.5th percentile)

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.

Affected

1 range
Vendor: spidercontrol
Product: ininet_webserver
Version range: <= 2.02.0000
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

  • The iniNet Webserver does not require authentication, allowing unauthenticated remote access to HMI pages and PLC variable modification — detect unauthenticated HTTP requests to HMI endpoints on the webserver.
  • Vulnerability is remotely exploitable with low skill level and no privileges or user interaction required (CVSS v3 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) — any unauthenticated network connection to the webserver port should be treated as suspicious in ICS/SCADA environments.
  • All versions of iniNet Webserver prior to V2.02.0100 are vulnerable — identify and flag any deployment of iniNet Webserver versions below V2.02.0100 on the network.
  • No known public exploits specifically target this vulnerability at time of advisory publication.

CVSS provenance

nvd v3.0: 10.0 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P