CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0780

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.914

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Ransomware Campaign

Unknown

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
http://www.securityfocus.com/bid/67056
https://www.exploit-db.com/exploits/42699/
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
http://www.securityfocus.com/bid/67056
https://www.exploit-db.com/exploits/42699/

Products affected by CVE-2014-0780

Indusoft » Web Studio » Version: 7.1

cpe:2.3:a:indusoft:web_studio:7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0780

Products

Pricing

Contact Us