CVE-2023-0956

TEL-STER TelWin SCADA WebInterface Path Traversal

Description

External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.

Remediation

Solution:

  • TEL-STER recommends that users update the WebInterface module (https://www.tel-ster.pl/index.php/en/telwin-scada-eng/news-telwin-eng) to one of the following versions: 6.2, 7.2, 8.1, 9.1, or 10.0. Please note that the WebInterface is part of the TelWin SCADA software and is usually updated with the software. TEL-STER currently supports and updates only TelWin SCADA 7.8 (WebInterface 6.x) and upwards. TEL-STER does not have any updates planned for versions using the older vulnerable WebInterface (lower than 6.0), and users are recommended to update TelWin SCADA to one of the supported versions. For more information, please contact TEL-STER. More information about this issue and the associated mitigation can be found in the TEL-STER advisory (https://www.tel-ster.pl/index.php/telwin-scada/nowosci/372-telwin-scada-podatnosc-cve-2023-0956) or the CERT.PL advisory (https://cert.pl/posts/2023/07/CVE-2023-0956/).

Category

CVSS 3.1: 7.5 (Severity: High)
EPSS: 0.80% (Top 30%)
Vendor Advisory: tel-ster.pl
Affected: TEL-STER TelWin SCADA WebInterface

Frequently Asked Questions

What is the severity of CVE-2023-0956?
CVE-2023-0956 has been scored as a high severity vulnerability.
Is CVE-2023-0956 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2023-0956 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0956?
CVE-2023-0956 affects TEL-STER TelWin SCADA WebInterface.