CVE-2011-1900
Published 2011-05-04
Priority: P269 | Severity: critical | CVSS 2.0 score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 32.04% (98.1th percentile)
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| indusoft | web_studio | — | — |
| indusoft | web_studio | — | — |
Detection & IOCs (extracted from sources)
- Monitor for directory traversal sequences (e.g., '../') in HTTP requests directed at the NTWebServer component of InduSoft Web Studio.
- Detect exploitation attempts targeting the NTWebServer component for arbitrary remote file reads, particularly from SCADA-focused scanners such as the Metasploit auxiliary module indusoft_ntwebserver_fileaccess.
- Flag anomalous or malformed/invalid HTTP requests to InduSoft Web Studio's NTWebServer, as the exploit vector is described as 'an invalid request'.
- Vulnerability affects InduSoft Web Studio versions 6.1 and 7.x prior to 7.0+Patch 1; patched systems running 7.0+Patch 1 or later are not affected.
- Exploitation grants file read privileges at the level of the NTWebServer process account; privilege level of that account affects impact scope.
- Metasploit module was tested specifically against Indusoft WebStudio 6.1 SP6; behavior on other sub-versions may differ.
No detection rules found.
No writeups or analysis indexed.