CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0780

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.9220%
EPSS Percentile97.67th
PublishedApr 25, 2014
Last ModifiedApr 22, 2026

Vulnerability Description

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

Affected Platforms (CPE)

πŸ“¦
Indusoft

Web Studio

= 7.1
πŸ“¦
Indusoft

Web Studio

= 7.1
πŸ“¦
Indusoft

Web Studio

= 7.1

References & Advisories

πŸ”— http://download.indusoft.com/71.2.4/IWS71.2.4.zip
πŸ”— http://www.securityfocus.com/bid/67056
πŸ”— https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
πŸ”— https://www.exploit-db.com/exploits/42699/
πŸ”— http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
πŸ”— http://www.securityfocus.com/bid/67056
πŸ”— https://www.exploit-db.com/exploits/42699/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780

Related Vulnerabilities

CVE-2011-034210.0

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hot...

CVE-2011-190010.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to ...

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2011-405110.0

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authenticati...