CVE-2011-1900
published 2011-05-04

Priority: P269
Severity: critical (10, CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 32.04% (98.1th percentile)

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
indusoft | web_studio | |
indusoft | web_studio | |

Detection & IOCs (extracted from sources)

other: NTWebServer
other: indusoft_ntwebserver_fileaccess
  • Monitor for directory traversal sequences (e.g., '../') in HTTP requests directed at the NTWebServer component of InduSoft Web Studio.
  • Detect exploitation attempts targeting the NTWebServer component for arbitrary remote file reads, particularly from SCADA-focused scanners such as the Metasploit auxiliary module indusoft_ntwebserver_fileaccess.
  • Flag anomalous or malformed/invalid HTTP requests to InduSoft Web Studio's NTWebServer, as the exploit vector is described as 'an invalid request'.
  • Vulnerability affects InduSoft Web Studio versions 6.1 and 7.x prior to 7.0+Patch 1; patched systems running 7.0+Patch 1 or later are not affected.
  • Exploitation grants file read privileges at the level of the NTWebServer process account; privilege level of that account affects impact scope.
  • Metasploit module was tested specifically against Indusoft WebStudio 6.1 SP6; behavior on other sub-versions may differ.