ID

VAR-201404-0551


CVE

CVE-2014-0780


TITLE

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02688

DESCRIPTION

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks. InduSoft Web Studio 7.1 is vulnerable; other versions may also be affected

Trust: 3.51

sources: NVD: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // BID: 67056 // IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // VULMON: CVE-2014-0780

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02688

AFFECTED PRODUCTS

vendor:indusoftmodel:web studioscope:eqversion:7.1

Trust: 2.2

vendor:web studiomodel: - scope:eqversion:7.1

Trust: 0.8

vendor:schneider electricmodel:indusoft web studioscope:eqversion:7.1 that's all 7.1 sp2 patch 4

Trust: 0.8

vendor:schneider electricmodel:indusoft web studioscope:eqversion: -

Trust: 0.8

vendor:indusoftmodel:webstudioscope: - version: -

Trust: 0.7

vendor:indusoftmodel:web studio sp2scope:lteversion:<=7.1

Trust: 0.6

vendor:indusoftmodel:web studio sp1scope:eqversion:7.1

Trust: 0.6

vendor:web studiomodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0780
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-0780
value: CRITICAL

Trust: 0.8

ZDI: CVE-2014-0780
value: HIGH

Trust: 0.7

CNVD: CNVD-2014-02688
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-504
value: HIGH

Trust: 0.6

IVD: 7d76c350-463f-11e9-b69f-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 236decfa-1edb-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULMON: CVE-2014-0780
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0780
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

CNVD: CNVD-2014-02688
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d76c350-463f-11e9-b69f-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 236decfa-1edb-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2014-0780
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-0780
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2014-002261 // NVD: CVE-2014-0780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-504

TYPE

Path traversal

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-504

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0780

PATCH

title:InduSofturl:http://www.indusoft.com/

Trust: 0.8

title:Indusoft has issued an update to correct this vulnerability.url:http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02

Trust: 0.7

title:InduSoft Web Studio NTWebServer Directory Traversal Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/45216

Trust: 0.6

title:IWS71.2.4url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49642

Trust: 0.6

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

sources: ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504

EXTERNAL IDS

db:NVDid:CVE-2014-0780

Trust: 5.3

db:ICS CERTid:ICSA-14-107-02

Trust: 3.1

db:BIDid:67056

Trust: 2.0

db:EXPLOIT-DBid:42699

Trust: 1.1

db:CNVDid:CNVD-2014-02688

Trust: 1.0

db:CNNVDid:CNNVD-201404-504

Trust: 1.0

db:JVNDBid:JVNDB-2014-002261

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-2108

Trust: 0.7

db:ZDIid:ZDI-14-118

Trust: 0.7

db:OSVDBid:105551

Trust: 0.6

db:IVDid:7D76C350-463F-11E9-B69F-000C29342CB1

Trust: 0.2

db:IVDid:236DECFA-1EDB-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULMONid:CVE-2014-0780

Trust: 0.1

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // BID: 67056 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-107-02

Trust: 3.1

url:https://www.exploit-db.com/exploits/42699/

Trust: 1.2

url:http://www.securityfocus.com/bid/67056

Trust: 1.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0780

Trust: 0.8

url:https://cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-107-02 

Trust: 0.8

url:http://osvdb.com/show/osvdb/105551

Trust: 0.6

url:http://www.indusoft.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34041

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ostorlab/kev

Trust: 0.1

sources: ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // BID: 67056 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

CREDITS

John Leitch

Trust: 1.0

sources: ZDI: ZDI-14-118 // BID: 67056

SOURCES

db:IVDid:7d76c350-463f-11e9-b69f-000c29342cb1
db:IVDid:236decfa-1edb-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-14-118
db:CNVDid:CNVD-2014-02688
db:VULMONid:CVE-2014-0780
db:BIDid:67056
db:JVNDBid:JVNDB-2014-002261
db:CNNVDid:CNNVD-201404-504
db:NVDid:CVE-2014-0780

LAST UPDATE DATE

2024-12-20T22:42:32.441000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-14-118date:2014-05-02T00:00:00
db:CNVDid:CNVD-2014-02688date:2014-04-29T00:00:00
db:VULMONid:CVE-2014-0780date:2017-09-16T00:00:00
db:BIDid:67056date:2014-05-21T01:02:00
db:JVNDBid:JVNDB-2014-002261date:2024-07-08T04:59:00
db:CNNVDid:CNNVD-201404-504date:2014-04-28T00:00:00
db:NVDid:CVE-2014-0780date:2024-12-19T18:22:59.987

SOURCES RELEASE DATE

db:IVDid:7d76c350-463f-11e9-b69f-000c29342cb1date:2014-04-29T00:00:00
db:IVDid:236decfa-1edb-11e6-abef-000c29c66e3ddate:2014-04-29T00:00:00
db:ZDIid:ZDI-14-118date:2014-05-02T00:00:00
db:CNVDid:CNVD-2014-02688date:2014-04-29T00:00:00
db:VULMONid:CVE-2014-0780date:2014-04-25T00:00:00
db:BIDid:67056date:2014-04-24T00:00:00
db:JVNDBid:JVNDB-2014-002261date:2014-04-28T00:00:00
db:CNNVDid:CNNVD-201404-504date:2014-04-28T00:00:00
db:NVDid:CVE-2014-0780date:2014-04-25T05:12:07.787