CVE-2014-0780

CRITICAL9.8

CISA KEVHigh EPSS

Description

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

InduSoft / Web Studio7.1 – 7.1

References

EXPLOIThttps://www.exploit-db.com/exploits/42699/
VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
MISChttp://www.securityfocus.com/bid/67056
MISChttp://download.indusoft.com/71.2.4/IWS71.2.4.zip