CVE-2014-0780
InduSoft Web Studio Path Traversal
In short
A flaw in InduSoft Web Studio's web server allows attackers to access files outside the intended directory, exposing stored administrative passwords and enabling them to take over the system.
Technical detail
Directory traversal vulnerability in NTWebServer permits unauthenticated remote attackers to bypass path restrictions and read sensitive APP configuration files containing administrative credentials. Successful exploitation allows arbitrary code execution with elevated privileges.
Summary generated and translated by AI from the official description.
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
InduSoft · Web Studio
Public PoCs found: 2
cve_reference: www.exploit-db.com/exploits/42699/ (unverified)
exploitdb: www.exploit-db.com/exploits/42699 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://download.indusoft.com/71.2.4/IWS71.2.4.zip
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780
https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
https://www.exploit-db.com/exploits/42699/
http://www.securityfocus.com/bid/67056