InduSoft Web Studio < v8.1 + SP1 RCE

critical Nessus Network Monitor Plugin ID 700241

Synopsis

A vulnerable version of InduSoft Web Studio has been detected.

Description

InduSoft Web Studio versions prior to v8.1 + SP1 contain a stack-based buffer overflow vulnerability that can be triggered during tag, alarm, or event related actions such as read and write, with potential for code to be executed. The code would be executed under high privileges and could lead to a complete compromise of the InduSoft Web Studio server machine.

Solution

Upgrade to InduSoft Web Studio v8.1 SP1.

See Also

https://sw.aveva.com/hubfs/pdf/security-bulletin/LFSec00000125-2.pdf

Plugin Details

Severity: Critical

ID: 700241

Family: SCADA

Published: 4/16/2018

Updated: 4/6/2019

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:indusoft:web_studio

Patch Publication Date: 4/6/2018

Vulnerability Publication Date: 4/6/2018