CVE-2017-14024
https://notcve.org/view.php?id=CVE-2017-14024
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The overflow may allow remote code execution with high privileges.
• http://www.securityfocus.com/bid/101779 https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13997
https://notcve.org/view.php?id=CVE-2017-13997
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
• http://www.securityfocus.com/bid/100952 https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01
• CWE-306: Missing Authentication for Critical Function
CVE-2017-7968
https://notcve.org/view.php?id=CVE-2017-7968
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.
• http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02 http://www.securityfocus.com/bid/98544 https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02
• CWE-276: Incorrect Default Permissions