id: spidercontrol-scada-server-info info: name: SpiderControl SCADA Web Server - Sensitive Information Exposure author: geeknik severity: high description: SpiderControl SCADA Web Server is vulnerable to sensitive information exposure. Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl. reference: - https://spidercontrol.net/spidercontrol-inside/ tags: spidercontrol,scada,exposure,misconfig metadata: max-request: 1 http: - method: GET path: - '{{BaseURL}}/cgi-bin/GetSrvInfo.exe' matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "powered by SpiderControl" - "LSWEBSERVER" - "SCWEBSERVICES" condition: and extractors: - type: kval part: header kval: - Server