Описание
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-0780
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
- https://www.exploit-db.com/exploits/42699
- http://download.indusoft.com/71.2.4/IWS71.2.4.zip
- http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
- http://www.securityfocus.com/bid/67056
Связанные уязвимости
CVSS3: 9.8
nvd
почти 12 лет назад
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.