CVE-2023-0956

7.5 HIGH

📋 TL;DR

CVE-2023-0956 is a path traversal vulnerability in TEL-STER TelWin SCADA WebInterface that allows unauthenticated attackers to read arbitrary files on the system by manipulating file paths. This affects organizations using TelWin SCADA systems with the vulnerable web interface exposed.

💻 Affected Systems

Products:
  • TEL-STER TelWin SCADA
Versions: All versions prior to the fix
Operating Systems: Windows-based SCADA systems
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the WebInterface component of TelWin SCADA systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive configuration files, credentials, or system files leading to further attacks on SCADA/ICS infrastructure.

🟠 Likely Case

Unauthenticated attackers reading sensitive files containing configuration data, credentials, or system information that could enable further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the web interface.

🌐 Internet-Facing: HIGH - The vulnerability is unauthenticated and allows file reading, making internet-exposed systems particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but exploitation requires network access to the SCADA system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with publicly available information about the path traversal technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest TelWin SCADA version as specified by vendor

Vendor Advisory: https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956

Restart Required: Yes

Instructions:

1. Contact TEL-STER for the security update.
2. Apply the patch following vendor instructions.
3. Restart the SCADA system and WebInterface service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation

Isolate SCADA systems from untrusted networks and restrict access to the WebInterface.

Access Control

Implement strict firewall rules to limit access to the WebInterface port (typically HTTP/HTTPS).

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SCADA systems from untrusted networks
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Test if the WebInterface accepts path traversal sequences (e.g., ../) in file requests. Monitor for unauthorized file access attempts.

Check Version:

Check TelWin SCADA version through the WebInterface or system configuration

Verify Fix Applied:

Verify the patch is applied by checking version and testing that path traversal attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in WebInterface logs
  • Multiple failed attempts with path traversal sequences

Network Indicators:

  • HTTP requests containing ../ sequences to the SCADA WebInterface

SIEM Query:

web.url:*../* AND destination.port:(80 OR 443) AND destination.ip:SCADA_SYSTEM_IP
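
An added example, not part of the original page or of any vendor material: the SIEM query above matches only a literal ../ in the URL, so this Python log scan normalises percent-encoded, double-encoded and backslash forms before checking for a ".." path segment. The Common Log Format layout, the /download path and the addresses are constructed assumptions, not TelWin's actual endpoints or log format.

```python
import re
from urllib.parse import unquote

# A ".." path segment delimited by / or \ (Windows hosts accept both).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Request line of a Common Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; paths and addresses are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2023:10:00:02 +0000] "GET /download?file=../../conf/app.ini HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Mar/2023:10:00:03 +0000] "GET /download?file=..%5c..%5cconf%5capp.ini HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Mar/2023:10:00:04 +0000] "GET /download?file=%252e%252e%252fconf%252fapp.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Mar/2023:10:00:05 +0000] "GET /static/app..v2.js HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    decoded = fully_decode(target)
    # Split on query delimiters so a '..' segment inside a parameter value is seen.
    parts = re.split(r"[?&=;]", decoded)
    return any(TRAVERSAL.search(part) for part in parts)

def scan(log_lines):
    """Return (client_ip, raw_target) for each log line carrying a traversal sequence."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and is_traversal(match.group(1)):
            hits.append((line.split()[0], match.group(1)))
    return hits

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"traversal sequence from {ip}: {target}")
```

A hit with a 200 status is worth triaging ahead of one with a 404, since it indicates the server returned content for the request.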
