CVE-2014-0780

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
indusoftweb_studio
7.1
indusoftweb_studio
7.1:sp1
indusoftweb_studio
7.1:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
http://www.securityfocus.com/bid/67056
https://www.exploit-db.com/exploits/42699/
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
http://www.securityfocus.com/bid/67056
https://www.exploit-db.com/exploits/42699/