CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-0780

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.9220%
EPSS Percentile97.67th
Published2014年4月25日
Last Modified2026年4月22日

Vulnerability Description

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

Affected Platforms (CPE)

📦
Indusoft

Web Studio

= 7.1
📦
Indusoft

Web Studio

= 7.1
📦
Indusoft

Web Studio

= 7.1

References & Advisories

🔗 http://download.indusoft.com/71.2.4/IWS71.2.4.zip
🔗 http://www.securityfocus.com/bid/67056
🔗 https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
🔗 https://www.exploit-db.com/exploits/42699/
🔗 http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
🔗 http://www.securityfocus.com/bid/67056
🔗 https://www.exploit-db.com/exploits/42699/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780

相關漏洞威脅

CVE-2011-034210.0

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hot...

CVE-2011-190010.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to ...

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2011-405110.0

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authenticati...