Schneider Electric InduSoft Web Studio < 8.0 SP2 Patch 1 Unspecified Remote Command Execution (LFSEC00000121)
Critical Nessus Plugin ID 104101
SynopsisThe InduSoft Web Studio software running on the remote host is affected by an information disclosure vulnerability.
DescriptionAccording to its self-reported version, the Schneider Electric InduSoft Web Studio software running on the remote host is prior to 8.0 SP2 Patch 1. It is, therefore, affected by an unspecified flaw that allow a remote attacker to bypass authentication mechanisms and execute arbitrary commands with elevated privileges.
SolutionUpgrade to Schneider Electric InduSoft Web Studio 8.0 SP2 Patch 1 or later.