InduSoft Web Studio < v7.1 + SP2 + P2 Security System Vulnerability

medium Nessus Network Monitor Plugin ID 8260

Synopsis

A version of InduSoft Web Studio containing a vulnerability in its security system has been detected.

Description

InduSoft Web Studio versions prior to v7.1 + SP2 + P2 do not save changes to the security system if they are made by the Thin Client. This may mislead an administrator into thinking that security settings have been saved when they have not been and that the system is more secure than it really is.

Solution

Upgrade to InduSoft WebStudio v7.1 + SP2 + P2 or later.

See Also

http://www.indusoft.com/

http://www.indusoft.com/Products-Downloads/Download-Library/Current-Release-Notes

Plugin Details

Severity: Medium

ID: 8260

Family: SCADA

Published: 5/19/2014

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:indusoft:web_studio

Patch Publication Date: 12/10/2013

Vulnerability Publication Date: 12/10/2013

Reference Information

BID: 64750