CVE-2014-0780

Опубликовано: 25 апр. 2014

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

Ссылки

http://download.indusoft.com/71.2.4/IWS71.2.4.zip
http://www.securityfocus.com/bid/67056
Broken Link
Third Party Advisory
VDB Entry
https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
https://www.exploit-db.com/exploits/42699/
Exploit
Third Party Advisory
VDB Entry
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/67056
Broken Link
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42699/
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:indusoft:web_studio:7.1:-:*:*:*:*:*:*

cpe:2.3:a:indusoft:web_studio:7.1:sp1:*:*:*:*:*:*

cpe:2.3:a:indusoft:web_studio:7.1:sp2:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.89247

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-8mf8-x5px-f6px

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 100%

0.89247

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

7.5 High

CVSS2

Дефекты

CWE-22