Back
CVE-2014-0780
CRITICAL
CISA KEV
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Published: Apr 25, 2014
Modified: Apr 22, 2026
CWE-22
CWE-22
CWE-22
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (3)
| Vendor | Product | Version |
|---|---|---|
| indusoft | web_studio | 7.1 |
| indusoft | web_studio | 7.1 |
| indusoft | web_studio | 7.1 |
GitHub Security Advisory GHSA-8mf8-x5px-f6px
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4...
References (8)
- http://download.indusoft.com/71.2.4/IWS71.2.4.zip Broken Link
- http://www.securityfocus.com/bid/67056 Broken Link, Third Party Advisory, VDB Entry
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02 US Government Resource
- https://www.exploit-db.com/exploits/42699/ Exploit, Third Party Advisory, VDB Entry
- http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02 Patch, Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/67056 Broken Link, Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/42699/ Exploit, Third Party Advisory, VDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780 US Government Resource
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
89.25%
Top 0% most likely to be exploited
Threat Score
96 / 100
CISA Known Exploited
Date Added:
2022-04-15
Due Date:
2022-05-06
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS
GitHub