KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2014-0780

PUBLISHED

InduSoft Web Studio Path Traversal

Exploited in the wild Remote Low complexity No user interaction

Vendor: InduSoft
Product: Web Studio
Published: Apr 25, 2014
EPSS: —

Description

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

cisa

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2022-04-15 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Apr 15, 2022

Timeline

CVE ID Reserved

January 02, 2014
CVE Published to Public

April 25, 2014
Added to KEVIntel

April 15, 2022