InduSoft Web Studio < v7.1 + SP2 + P2 Security System Vulnerability

Medium Nessus Network Monitor Plugin ID 8260

Synopsis

A version of InduSoft Web Studio containing a vulnerability in its security system has been detected.

Description

InduSoft Web Studio versions prior to v7.1 + SP2 + P2 do not save changes to the security system if they are made by the Thin Client. This may mislead an administrator into thinking that security settings have been saved when they have not been and that the system is more secure than it really is.

Solution

Upgrade to InduSoft WebStudio v7.1 + SP2 + P2 or later.

See Also

http://www.indusoft.com/

http://www.indusoft.com/Products-Downloads/Download-Library/Current-Release-Notes

Plugin Details

Severity: Medium

ID: 8260

Family: SCADA

Published: 2014/05/19

Updated: 2019/03/06

Dependencies: 8166

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:indusoft:web_studio

Patch Publication Date: 2013/12/10

Vulnerability Publication Date: 2013/12/10

Reference Information

BID: 64750