CVE-2023-0956

HIGH

TelWin SCADA WebInterface 3.2-6.2 - Unauthenticated Path Traversal

Title source: llm

Description

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

References (3)

Core 3

Core References

Third Party Advisory

https://cert.pl/posts/2023/07/CVE-2023-0956/

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03

Vendor Advisory

https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956

Scores

CVSS v3 7.5

EPSS 0.0079

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

tel-ster/telwin_scada_webinterface 8.0

tel-ster/telwin_scada_webinterface 9.0

tel-ster/telwin_scada_webinterface 3.2 - 6.2

Published Aug 03, 2023

Tracked Since Feb 18, 2026