CVE-2014-0780
published 2014-04-25CVE-2014-0780: Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP…
PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-06
Exploited in the wild
EPSS
74.55%
99.4th percentile
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| indusoft | web_studio | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP GET requests to NTWebServer (default port 80) containing repeated '../' sequences in the URI path, indicative of directory traversal attempts against InduSoft Web Studio. ↗
- →Alert on HTTP 200 responses from NTWebServer where the response message contains 'Sending file', as the Metasploit module uses this string to confirm successful file retrieval. ↗
- →Monitor for outbound retrieval of .APP files from the InduSoft Web Studio host, as these files may contain administrative credentials enabling follow-on remote code execution. ↗
- →The traversal depth defaults to 10 levels (or configurable up to any depth); detection rules should match URIs with 8 or more consecutive '../' sequences targeting the NTWebServer process. ↗
- ·NTWebServer is a test/demonstration web server not intended for production use; its presence in a live environment is itself a misconfiguration that exposes this vulnerability. ↗
- ·The default traversal depth used by the Metasploit module is 10 levels, but the DEPTH option is configurable, meaning detection signatures relying on a fixed traversal depth may miss variants. ↗
- ·The default target file in the Metasploit module is 'boot.ini', but the FILE option is fully configurable, so defenders should not rely solely on detecting requests for specific filenames. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
cisa·2022-04-15·CVSS 9.8
CVE-2014-0780 [CRITICAL] CWE-22 InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
Vulnerability: InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
Affected: InduSoft Web Studio
InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-0780
Remediation Due Date: 2022-05-06
CISA ICS
InduSoft Web Studio Directory Traversal Vulnerability
cisa_ics·2018-08-23
InduSoft Web Studio Directory Traversal Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
InduSoft Web Studio Directory Traversal Vulnerability
Last RevisedAugust 23, 2018
Alert CodeICSA-14-107-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on April 17, 2014, and is now being released to the NCCIC/ICS-CERT web site.
ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning a Directory Traversal vulnerability affecting the InduSoft Web Studio application. This vulnerability was reported to ZDI by security researcher John Leitch. Successful exploitation of this vulnerability could allow remote execution of arbitr
GHSA
GHSA-8mf8-x5px-f6px: Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7
ghsa_unreviewed·2022-05-17
CVE-2014-0780 [HIGH] CWE-22 GHSA-8mf8-x5px-f6px: Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
VulnCheck
InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
vulncheck·2014·CVSS 9.8
CVE-2014-0780 [CRITICAL] CWE-22 InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
Affected: InduSoft Web Studio
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-plague/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.checkpoint.com/security/april-2022s-most-wanted-malware-a-shake-up-in-the-index-but-emotet-is-still-on-top/; https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-declin
No detection rules found.
No writeups or analysis indexed.
http://download.indusoft.com/71.2.4/IWS71.2.4.ziphttp://www.securityfocus.com/bid/67056https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02https://www.exploit-db.com/exploits/42699/http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02http://www.securityfocus.com/bid/67056https://www.exploit-db.com/exploits/42699/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780
2014-04-25
Published
2022-04-15
Added to CISA KEV
Exploited in the wild