CVE-2024-8232

HIGH

SpiderControl SCADA Web Server - File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-8232. PoCs published by z3usx01.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in SpiderControl SCADA Web Server, allowing attackers to upload malicious scripts for remote code execution. The exploit uses a simple HTTP POST request to upload a file to a specified endpoint.

Description

SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.

Exploits (1)

nomisec WORKING POC

by z3usx01 · poc

https://github.com/z3usx01/CVE-2024-8232

View Code ZIP pw:eip

This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in SpiderControl SCADA Web Server, allowing attackers to upload malicious scripts for remote code execution. The exploit uses a simple HTTP POST request to upload a file to a specified endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SpiderControl SCADA Web Server

No auth needed

Prerequisites: Network access to the target SpiderControl SCADA Web Server · Knowledge of the upload endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-02

Scores

CVSS v3 7.5

EPSS 0.1308

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

iniNet Solutions GmbH/SpiderControl SCADA Web Server < v2.09

Published Sep 10, 2024

Tracked Since Feb 18, 2026