InduSoft Web Studio < v8.1 + SP1 RCE

Critical Nessus Network Monitor Plugin ID 700241


A vulnerable version of InduSoft Web Studio has been detected.


InduSoft Web Studio versions prior to v8.1 + SP1 contain InduSoft Web Studio contain a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. The code would be executed under high privileges and could lead to a complete compromise of the InduSoft Web Studio server machine.


Upgrade to InduSoft WebStudio v8.1 SP1.

See Also

Plugin Details

Severity: Critical

ID: 700241

Family: SCADA

Published: 2018/04/16

Modified: 2018/04/16

Dependencies: 8031

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.3


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:indusoft:web_studio

Patch Publication Date: 2018/04/06

Vulnerability Publication Date: 2018/04/06