CVE-2013-1627
published 2013-03-11CVE-2013-1627: Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to…
PriorityP346high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
3.39%
87.3th percentile
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_studio | — | — |
| indusoft | web_studio | — | — |
| indusoft | web_studio | — | — |
| indusoft | web_studio | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4f67-fhjj-9h87: Absolute path traversal vulnerability in NTWebServer
ghsa_unreviewed·2022-05-17
CVE-2013-1627 [HIGH] CWE-22 GHSA-4f67-fhjj-9h87: Absolute path traversal vulnerability in NTWebServer
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
CISA ICS
InduSoft Advantech Studio Directory Traversal
cisa_ics·2013-01-04
InduSoft Advantech Studio Directory Traversal
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
InduSoft Advantech Studio Directory Traversal
Last RevisedSeptember 06, 2018
Alert CodeICSA-13-067-01
## OVERVIEW
This advisory is a follow-up to the alert titled ICS-ALERT-13-004-01—Advantech Studio Directory Traversal that was published January 4, 2013, on the ICS-CERT Web page.
Independent researcher Nin3 released proof-of-concept (PoC) exploit code for a directory traversal vulnerability in Indusoft Studio and Advantech Studio applications without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. Indusoft originally produced this pr
No detection rules found.
2013-03-11
Published