Vulnerability Description
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Indusoft | Web Studio | 7.1 |
Related Weaknesses (CWE)
References
- http://download.indusoft.com/71.2.4/IWS71.2.4.zipBroken Link
- http://www.securityfocus.com/bid/67056Broken LinkThird Party AdvisoryVDB Entry
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02US Government Resource
- https://www.exploit-db.com/exploits/42699/ExploitThird Party AdvisoryVDB Entry
- http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/67056Broken LinkThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/42699/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-US Government Resource
FAQ
What is CVE-2014-0780?
CVE-2014-0780 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary...
How severe is CVE-2014-0780?
CVE-2014-0780 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-0780?
Check the references section above for vendor advisories and patch information. Affected products include: Indusoft Web Studio.