Details of VAR-201404-0551

ID

VAR-201404-0551

CVE

CVE-2014-0780

TITLE

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02688

DESCRIPTION

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks. InduSoft Web Studio 7.1 is vulnerable; other versions may also be affected

Trust: 3.51

sources: NVD: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // BID: 67056 // IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // VULMON: CVE-2014-0780

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02688

AFFECTED PRODUCTS

vendor:	indusoft	model:	web studio	scope:	eq	version:	7.1	Trust: 2.2
vendor:	web studio	model:	-	scope:	eq	version:	7.1	Trust: 0.8
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1 that's all 7.1 sp2 patch 4	Trust: 0.8
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	-	Trust: 0.8
vendor:	indusoft	model:	webstudio	scope:	-	version:	-	Trust: 0.7
vendor:	indusoft	model:	web studio sp2	scope:	lte	version:	<=7.1	Trust: 0.6
vendor:	indusoft	model:	web studio sp1	scope:	eq	version:	7.1	Trust: 0.6
vendor:	web studio	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0780
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-0780
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2014-0780
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-02688
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-504
value:	HIGH
Trust: 0.6
IVD:	7d76c350-463f-11e9-b69f-000c29342cb1
value:	HIGH
Trust: 0.2
IVD:	236decfa-1edb-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULMON:	CVE-2014-0780
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0780
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
CNVD:	CNVD-2014-02688
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d76c350-463f-11e9-b69f-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	236decfa-1edb-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2014-0780
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2014-0780
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2014-002261 // NVD: CVE-2014-0780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-504

TYPE

Path traversal

Trust: 1.0

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-504

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0780

PATCH

title:	InduSoft	url:	http://www.indusoft.com/	Trust: 0.8
title:	Indusoft has issued an update to correct this vulnerability.	url:	http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02	Trust: 0.7
title:	InduSoft Web Studio NTWebServer Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/45216	Trust: 0.6
title:	IWS71.2.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49642	Trust: 0.6
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1

sources: ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0780	Trust: 5.3
db:	ICS CERT	id:	ICSA-14-107-02	Trust: 3.1
db:	BID	id:	67056	Trust: 2.0
db:	EXPLOIT-DB	id:	42699	Trust: 1.1
db:	CNVD	id:	CNVD-2014-02688	Trust: 1.0
db:	CNNVD	id:	CNNVD-201404-504	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002261	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2108	Trust: 0.7
db:	ZDI	id:	ZDI-14-118	Trust: 0.7
db:	OSVDB	id:	105551	Trust: 0.6
db:	IVD	id:	7D76C350-463F-11E9-B69F-000C29342CB1	Trust: 0.2
db:	IVD	id:	236DECFA-1EDB-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2014-0780	Trust: 0.1

sources: IVD: 7d76c350-463f-11e9-b69f-000c29342cb1 // IVD: 236decfa-1edb-11e6-abef-000c29c66e3d // ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // BID: 67056 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-107-02	Trust: 3.1
url:	https://www.exploit-db.com/exploits/42699/	Trust: 1.2
url:	http://www.securityfocus.com/bid/67056	Trust: 1.1
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0780	Trust: 0.8
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-107-02	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105551	Trust: 0.6
url:	http://www.indusoft.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34041	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: ZDI: ZDI-14-118 // CNVD: CNVD-2014-02688 // VULMON: CVE-2014-0780 // BID: 67056 // JVNDB: JVNDB-2014-002261 // CNNVD: CNNVD-201404-504 // NVD: CVE-2014-0780

CREDITS

John Leitch

Trust: 1.0

sources: ZDI: ZDI-14-118 // BID: 67056

SOURCES

db:	IVD	id:	7d76c350-463f-11e9-b69f-000c29342cb1
db:	IVD	id:	236decfa-1edb-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-118
db:	CNVD	id:	CNVD-2014-02688
db:	VULMON	id:	CVE-2014-0780
db:	BID	id:	67056
db:	JVNDB	id:	JVNDB-2014-002261
db:	CNNVD	id:	CNNVD-201404-504
db:	NVD	id:	CVE-2014-0780

LAST UPDATE DATE

2024-08-14T14:14:12.348000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-118	date:	2014-05-02T00:00:00
db:	CNVD	id:	CNVD-2014-02688	date:	2014-04-29T00:00:00
db:	VULMON	id:	CVE-2014-0780	date:	2017-09-16T00:00:00
db:	BID	id:	67056	date:	2014-05-21T01:02:00
db:	JVNDB	id:	JVNDB-2014-002261	date:	2024-07-08T04:59:00
db:	CNNVD	id:	CNNVD-201404-504	date:	2014-04-28T00:00:00
db:	NVD	id:	CVE-2014-0780	date:	2024-07-02T16:56:31.520

SOURCES RELEASE DATE

db:	IVD	id:	7d76c350-463f-11e9-b69f-000c29342cb1	date:	2014-04-29T00:00:00
db:	IVD	id:	236decfa-1edb-11e6-abef-000c29c66e3d	date:	2014-04-29T00:00:00
db:	ZDI	id:	ZDI-14-118	date:	2014-05-02T00:00:00
db:	CNVD	id:	CNVD-2014-02688	date:	2014-04-29T00:00:00
db:	VULMON	id:	CVE-2014-0780	date:	2014-04-25T00:00:00
db:	BID	id:	67056	date:	2014-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-002261	date:	2014-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-504	date:	2014-04-28T00:00:00
db:	NVD	id:	CVE-2014-0780	date:	2014-04-25T05:12:07.787