InduSoft Web Studio Arbitrary Script Execution

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote InduSoft Web Studio process is affected by an authentication
bypass vulnerability.

Description :

The remote host is running InduSoft Web Studio, a software product used
to develop HMI (Human-Machine Interface) software for monitoring and
controlling SCADA equipment.

The installed version of the software has a vulnerability that allows an
attacker to execute arbitrary code by sending a crafted packet to TCP
port 1234.

Solution :

The vendor is reportedly aware of the vulnerability but has not
released a patch for it at this time.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 70760

Bugtraq ID:

CVE ID: