cnvd - cnvd-2017-27937

CNVD-2017-27937

Vulnerability from cnvd - Published: 2017-09-22

Title

Schneider Electric InduSoft Web Studio和InTouch Machine Edition远程代码执行漏洞

Description

InduSoft Web Studio和InTouch Machine Edition都是法国施耐德电气（Schneider Electric）公司的一个嵌入式HMI软件包。 Schneider Electric InduSoft Web Studio和InTouch Machine Edition存在远程代码执行漏洞，InduSoft Web Studio提供了HMI客户端在服务器上触发脚本执行的功能，以执行自定义的计算或操作。远程攻击者可绕过服务器认证并触发任意命令的执行。该命令在高权限下执行，可能导致服务器的完全妥协。

Severity

高

Patch Name

Schneider Electric InduSoft Web Studio和InTouch Machine Edition远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://download.indusoft.com/80.2.1/IWS80.2.1.zip https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22453

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01

Impacted products

Name
['Schneider Electric InduSoft Web Studio <=8.0 SP2', 'Schneider Electric InTouch Machine Edition <=8.0 SP2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13997"
    }
  },
  "description": "InduSoft Web Studio\u548cInTouch Machine Edition\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002 \r\n\r\nSchneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0cInduSoft Web Studio\u63d0\u4f9b\u4e86HMI\u5ba2\u6237\u7aef\u5728\u670d\u52a1\u5668\u4e0a\u89e6\u53d1\u811a\u672c\u6267\u884c\u7684\u529f\u80fd\uff0c\u4ee5\u6267\u884c\u81ea\u5b9a\u4e49\u7684\u8ba1\u7b97\u6216\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u670d\u52a1\u5668\u8ba4\u8bc1\u5e76\u89e6\u53d1\u4efb\u610f\u547d\u4ee4\u7684\u6267\u884c\u3002\u8be5\u547d\u4ee4\u5728\u9ad8\u6743\u9650\u4e0b\u6267\u884c\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u5b8c\u5168\u59a5\u534f\u3002",
  "discovererName": "Aaron Portnoy, formerly of Exodus Intelligence",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://download.indusoft.com/80.2.1/IWS80.2.1.zip\r\nhttps://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22453",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-27937",
  "openTime": "2017-09-22",
  "patchDescription": "InduSoft Web Studio\u548cInTouch Machine Edition\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002 \r\n\r\nSchneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0cInduSoft Web Studio\u63d0\u4f9b\u4e86HMI\u5ba2\u6237\u7aef\u5728\u670d\u52a1\u5668\u4e0a\u89e6\u53d1\u811a\u672c\u6267\u884c\u7684\u529f\u80fd\uff0c\u4ee5\u6267\u884c\u81ea\u5b9a\u4e49\u7684\u8ba1\u7b97\u6216\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u670d\u52a1\u5668\u8ba4\u8bc1\u5e76\u89e6\u53d1\u4efb\u610f\u547d\u4ee4\u7684\u6267\u884c\u3002\u8be5\u547d\u4ee4\u5728\u9ad8\u6743\u9650\u4e0b\u6267\u884c\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u5b8c\u5168\u59a5\u534f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric InduSoft Web Studio \u003c=8.0 SP2",
      "Schneider Electric InTouch Machine Edition \u003c=8.0 SP2"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-22",
  "title": "Schneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-13997 (GCVE-0-2017-13997)

Vulnerability from cvelistv5 – Published: 2017-10-02 05:00 – Updated: 2024-08-05 19:13

Summary

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.

Severity ?

No CVSS data available.

CWE

CWE-306

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01	x_refsource_MISC
	http://www.securityfocus.com/bid/100952	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric InduSoft Web Studio, InTouch Machine Edition	Affected: Schneider Electric InduSoft Web Studio, InTouch Machine Edition

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
          },
          {
            "name": "100952",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100952"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition"
            }
          ]
        }
      ],
      "datePublic": "2017-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-02T09:57:02",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
        },
        {
          "name": "100952",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100952"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-13997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
            },
            {
              "name": "100952",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100952"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-13997",
    "datePublished": "2017-10-02T05:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-27937

CVE-2017-13997 (GCVE-0-2017-13997)

Tags

Sightings

Nomenclature