CVSS: 10.0EPSS: 35%CPEs: 2EXPL: 0CVE-2018-8840
https://notcve.org/view.php?id=CVE-2018-8840
18 Apr 2018 — A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. Un atacante remoto podría enviar un paquete cuidadosamente manipulado en InduSoft Web Studio, en versiones 8.1 y anteriores, y/o en InTouch Machine Edition 2017, en versiones 8.1 y anteriores, durante una acción relacionada con una etiqueta... • http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-7375
https://notcve.org/view.php?id=CVE-2015-7375
25 Sep 2015 — Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file. Vulnerabilidad en Schneider Electric InduSoft Web Studio en versiones anteriores a 8.0, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (excepción de tiempo de ejecución no manejada y caída de la aplicación) a través de un archivo Indusoft Project. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-7374 – InduSoft Web Studio Remote Agent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7374
25 Sep 2015 — The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. Vulnerabilidad en el componente Remote Agent en Schneider Electric InduSoft Web Studio en versiones anteriores a 8.0, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, también conocida como ZDI-CAN-2649. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installa... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1009
https://notcve.org/view.php?id=CVE-2015-1009
01 Aug 2015 — Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. Vulnerabilidad en Schneider Electric InduSoft Web Studio en versiones anteriores a 7.1.3.5 Patch 5 y Wonderware InTouch Machine Edition hasta la versión 7.1 SP3 Patch 4, utiliza almacenamiento de contraseñas en texto plano para project-window, lo que permite a... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 90%CPEs: 3EXPL: 2CVE-2014-0780 – InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0780
25 Apr 2014 — Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Vulnerabilidad de salto de directorio en NTWebServer en InduSoft Web Studio 7.1 anterior a SP2 Patch 4 permite a a atacantes remotos leer contraseñas de autenticación en archivos APP, y como consecuencia ejecutar código arbitrario, a través de solicitudes web no especificado... • https://packetstorm.news/files/id/144175 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 9%CPEs: 6EXPL: 1CVE-2013-1627 – Advantech Studio 7.0 - SCADA/HMI Directory Traversal
https://notcve.org/view.php?id=CVE-2013-1627
11 Mar 2013 — Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. Vulnerabilidad de salto de directorio absoluto en NTWebServer.exe en Indusoft Studio v7.0 y anteriores, y Advantech Studio v7.0 y anteriores, permite a atacantes remotos leer archivos de su elección a través de un nombre de ruta absoluto en un argumento a la f... • https://www.exploit-db.com/exploits/23132 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 74%CPEs: 2EXPL: 2CVE-2011-4051 – InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4051
16 Nov 2011 — CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. El componente de CEServer en el módulo de agente remoto en InduSoft Web Studio v6.1 y v7.0 no requiere autenticación, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con la creación de un arc... • https://packetstorm.news/files/id/117113 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2011-4052 – InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4052
16 Nov 2011 — Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name. Un desbordamiento de búfer basado en la pila en CEServer.exe del componente CEServer en el módulo de agente remoto en InduSoft Web Studio v6.1 y v7.0 permite a atacantes remotos ejecutar código de su eelcción a través de una operación 0x15 (o sea la elim... • http://www.indusoft.com/hotfixes/hotfixes.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2011-0342
https://notcve.org/view.php?id=CVE-2011-0342
02 Sep 2011 — Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method. Múltiples desbordamientos de buffer en el control ActiveX InduSoft ISSymbol en ISSymbol.ocx v301.1104.601.0 en InduSoft Web Studio v7.0B2 hotfix v7.0.01.04 permite a atacantes remotos ejecutar código de su elección a través de un paráme... • http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 1CVE-2011-1900 – Indusoft WebStudio NTWebServer Remote File Access
https://notcve.org/view.php?id=CVE-2011-1900
04 May 2011 — Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request. Vulnerabilidad de salto de directorio en NTWebServer de InduSoft Web Studio 6.1 y 7.x anteriores a 7.0+Patch 1 permite a atacantes remotos ejecutar código arbitrario a través de una petición inválida. • https://packetstorm.news/files/id/180948 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •