InduSoft Web Studio Arbitrary Script Execution

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote InduSoft Web Studio process is affected by an authentication
bypass vulnerability.

Description :

The remote host is running InduSoft Web Studio, a software product used
to develop HMI (Human-Machine Interface) software for monitoring and
controlling SCADA equipment.

The installed version of the software has a vulnerability that allows an
attacker to execute arbitrary code by sending a crafted packet to TCP
port 1234.

Solution :

The vendor reportedly is aware of the vulnerability but has not
released a patch for it at this time.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.0
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 70760 ()

Bugtraq ID: