CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2013-1627 – Advantech Studio 7.0 - SCADA/HMI Directory Traversal
https://notcve.org/view.php?id=CVE-2013-1627
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. Vulnerabilidad de salto de directorio absoluto en NTWebServer.exe en Indusoft Studio v7.0 y anteriores, y Advantech Studio v7.0 y anteriores, permite a atacantes remotos leer archivos de su elección a través de un nombre de ruta absoluto en un argumento a la función sub_401A90 CreateFileW. • https://www.exploit-db.com/exploits/23132 http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 1CVE-2011-4051 – InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4051
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. El componente de CEServer en el módulo de agente remoto en InduSoft Web Studio v6.1 y v7.0 no requiere autenticación, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con la creación de un archivo, la carga de un archivo DLL, y el control de procesos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which listens by default on TCP port 4322. When handling incoming requests the process fails to perform any type of authentication. • https://www.exploit-db.com/exploits/21837 http://www.indusoft.com/hotfixes/hotfixes.php http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf http://www.zerodayinitiative.com/advisories/ZDI-11-330 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 89%CPEs: 2EXPL: 0CVE-2011-4052 – InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4052
Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name. Un desbordamiento de búfer basado en la pila en CEServer.exe del componente CEServer en el módulo de agente remoto en InduSoft Web Studio v6.1 y v7.0 permite a atacantes remotos ejecutar código de su eelcción a través de una operación 0x15 (o sea la eliminación de un archivo) para un archivo con un nombre demasiado largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. • http://www.indusoft.com/hotfixes/hotfixes.php http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf http://www.zerodayinitiative.com/advisories/ZDI-11-329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2011-0342
https://notcve.org/view.php?id=CVE-2011-0342
Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method. Múltiples desbordamientos de buffer en el control ActiveX InduSoft ISSymbol en ISSymbol.ocx v301.1104.601.0 en InduSoft Web Studio v7.0B2 hotfix v7.0.01.04 permite a atacantes remotos ejecutar código de su elección a través de un parámetro largo en el método (1) Open, (2) Close, o (3) SetCurrentLanguage. • http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02 http://secunia.com/advisories/44875 http://secunia.com/secunia_research/2011-61 http://www.indusoft.com/hotfixes/hotfixes.php http://www.securityfocus.com/bid/49403 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 5EXPL: 1CVE-2011-0340 – InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0340
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Múltiples desbordamientos de buffer en el control ActiveX ISSymbol de ISSymbol.ocx 61.6.0.0 y 301.1009.2904.0 de la máquina virtual ISSymbol, como se ha distribuído en Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio anteriores a 7.0+SP1, y InduSoft Thin Client 7.0. Permite a atacantes remotos ejecutar código de su elección a través de los valores de propiedades extensos (1) InternationalOrder, (2) InternationalSeparator, o (3) LogFileName; o (4) un argumento bstrFileName extenso al método OpenScreen. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. • https://www.exploit-db.com/exploits/23500 http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 http://secunia.com/advisories/42928 http://secunia.com/advisories/43116 http://secunia.com/secunia_research/2011-36 http://secunia.com/secunia_research/2011-37 http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm http://www.indusoft.com/hotfixes/hotfixes.php http://www.securityfocus.com/bid/47596 http://www.us-cert.gov/control_systems/pdf/ICS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •