cvelistv5 - cve-2017-13997

CVE-2017-13997 (GCVE-0-2017-13997)

Vulnerability from cvelistv5 – Published: 2017-10-02 05:00 – Updated: 2024-08-05 19:13

Summary

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.

Severity ?

No CVSS data available.

CWE

CWE-306

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Schneider Electric InduSoft Web Studio, InTouch Machine Edition	Affected: Schneider Electric InduSoft Web Studio, InTouch Machine Edition

VAR-201710-0794

Vulnerability from variot - Updated: 2023-12-18 13:02

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0794",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wonderware intouch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "wonderware indusoft web studio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "indusoft web studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "8.0 sp2 or earlier"
      },
      {
        "model": "intouch machine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "edition 8.0 sp2 or earlier"
      },
      {
        "model": "electric indusoft web studio sp2",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "\u003c=8.0"
      },
      {
        "model": "electric intouch machine edition sp2",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "\u003c=8.0"
      },
      {
        "model": "wonderware indusoft web studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "wonderware intouch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "intouch machine edition sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "indusoft web studio sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "8.0"
      },
      {
        "model": "indusoft web studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "7.1.3.4"
      },
      {
        "model": "indusoft web studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "7.1.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wonderware indusoft web studio",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wonderware intouch",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aaron Portnoy.",
    "sources": [
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-13997",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-13997",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-27937",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-13997",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-13997",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-27937",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-1090",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-13997",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. Multiple Schneider Electric Products are prone to an authentication-bypass vulnerability. This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-13997",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-264-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "100952",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "0AD8AB4D-3F4E-446E-82BB-A9142F084E36",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "id": "VAR-201710-0794",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      }
    ],
    "trust": 1.6507751750000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:02:52.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LFSEC00000124",
        "trust": 0.8,
        "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000124/"
      },
      {
        "title": "Patch for Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/102615"
      },
      {
        "title": "Schneider Electric InduSoft Web Studio  and InTouch Machine Edition Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75077"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-264-01"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/100952"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13997"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13997"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "db": "BID",
        "id": "100952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-22T00:00:00",
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "date": "2017-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "BID",
        "id": "100952"
      },
      {
        "date": "2017-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "date": "2017-10-03T01:29:01.857000",
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-27937"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-13997"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "BID",
        "id": "100952"
      },
      {
        "date": "2017-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      },
      {
        "date": "2019-10-09T23:23:41.827000",
        "db": "NVD",
        "id": "CVE-2017-13997"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric InduSoft Web Studio and  InTouch Machine Edition Vulnerabilities related to lack of authentication for critical functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009427"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1090"
      }
    ],
    "trust": 0.8
  }
}

GHSA-MPCF-5X9H-P6P7

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-13997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-03T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.",
  "id": "GHSA-mpcf-5x9h-p6p7",
  "modified": "2022-05-13T01:37:42Z",
  "published": "2022-05-13T01:37:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13997"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100952"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-13997

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-13997

Aliases

CVE-2017-13997

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-13997",
    "description": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.",
    "id": "GSD-2017-13997"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-13997"
      ],
      "details": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.",
      "id": "GSD-2017-13997",
      "modified": "2023-12-13T01:21:01.976631Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-13997",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
          },
          {
            "name": "100952",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100952"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-13997"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
            },
            {
              "name": "100952",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100952"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2017-10-03T01:29Z"
    }
  }
}

CNVD-2017-27937

Vulnerability from cnvd - Published: 2017-09-22

Title

Schneider Electric InduSoft Web Studio和InTouch Machine Edition远程代码执行漏洞

Description

InduSoft Web Studio和InTouch Machine Edition都是法国施耐德电气（Schneider Electric）公司的一个嵌入式HMI软件包。 Schneider Electric InduSoft Web Studio和InTouch Machine Edition存在远程代码执行漏洞，InduSoft Web Studio提供了HMI客户端在服务器上触发脚本执行的功能，以执行自定义的计算或操作。远程攻击者可绕过服务器认证并触发任意命令的执行。该命令在高权限下执行，可能导致服务器的完全妥协。

Severity

高

Patch Name

Schneider Electric InduSoft Web Studio和InTouch Machine Edition远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://download.indusoft.com/80.2.1/IWS80.2.1.zip https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22453

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01

Impacted products

Name
['Schneider Electric InduSoft Web Studio <=8.0 SP2', 'Schneider Electric InTouch Machine Edition <=8.0 SP2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13997"
    }
  },
  "description": "InduSoft Web Studio\u548cInTouch Machine Edition\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002 \r\n\r\nSchneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0cInduSoft Web Studio\u63d0\u4f9b\u4e86HMI\u5ba2\u6237\u7aef\u5728\u670d\u52a1\u5668\u4e0a\u89e6\u53d1\u811a\u672c\u6267\u884c\u7684\u529f\u80fd\uff0c\u4ee5\u6267\u884c\u81ea\u5b9a\u4e49\u7684\u8ba1\u7b97\u6216\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u670d\u52a1\u5668\u8ba4\u8bc1\u5e76\u89e6\u53d1\u4efb\u610f\u547d\u4ee4\u7684\u6267\u884c\u3002\u8be5\u547d\u4ee4\u5728\u9ad8\u6743\u9650\u4e0b\u6267\u884c\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u5b8c\u5168\u59a5\u534f\u3002",
  "discovererName": "Aaron Portnoy, formerly of Exodus Intelligence",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://download.indusoft.com/80.2.1/IWS80.2.1.zip\r\nhttps://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22453",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-27937",
  "openTime": "2017-09-22",
  "patchDescription": "InduSoft Web Studio\u548cInTouch Machine Edition\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002 \r\n\r\nSchneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0cInduSoft Web Studio\u63d0\u4f9b\u4e86HMI\u5ba2\u6237\u7aef\u5728\u670d\u52a1\u5668\u4e0a\u89e6\u53d1\u811a\u672c\u6267\u884c\u7684\u529f\u80fd\uff0c\u4ee5\u6267\u884c\u81ea\u5b9a\u4e49\u7684\u8ba1\u7b97\u6216\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u670d\u52a1\u5668\u8ba4\u8bc1\u5e76\u89e6\u53d1\u4efb\u610f\u547d\u4ee4\u7684\u6267\u884c\u3002\u8be5\u547d\u4ee4\u5728\u9ad8\u6743\u9650\u4e0b\u6267\u884c\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u7684\u5b8c\u5168\u59a5\u534f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric InduSoft Web Studio \u003c=8.0 SP2",
      "Schneider Electric InTouch Machine Edition \u003c=8.0 SP2"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-22",
  "title": "Schneider Electric InduSoft Web Studio\u548cInTouch Machine Edition\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-13997

Vulnerability from fkie_nvd - Published: 2017-10-03 01:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/100952	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100952	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	schneider-electric	wonderware_indusoft_web_studio	*
	schneider-electric	wonderware_intouch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "909E4BF0-FD67-4F8B-B577-57E8E5F7A686",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:*",
              "matchCriteriaId": "F51870FA-9C46-4C8B-83B0-3C32B0722581",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de ausencia de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica en Schneider Electric InduSoft Web Studio v8.0 SP2 o anteriores y en InTouch Machine Edition v8.0 SP2 o anteriores. InduSoft Web Studio proporciona la capacidad para que un cliente HMI d\u00e9 lugar a la ejecuci\u00f3n de un script en el servidor para realizar c\u00e1lculos o acciones personalizados. Una entidad maliciosa remota podr\u00eda omitir la autenticaci\u00f3n del servidor y desencadenar la ejecuci\u00f3n de un comando arbitrario. El comando se ejecuta con privilegios elevados y podr\u00eda desembocar en un compromiso del servidor por completo."
    }
  ],
  "id": "CVE-2017-13997",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-03T01:29:01.857",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100952"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-17-264-01

Vulnerability from csaf_cisa - Published: 2017-09-21 00:00 - Updated: 2017-09-21 00:00

Summary

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Critical infrastructure sectors

Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Paris, France

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Aaron Portnoy"
        ],
        "organization": "Exodus Intelligence",
        "summary": "discovering and reporting this vulnerability to ICS-CERT"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Paris, France",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-264-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-264-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-264-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-264-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-264-01"
      }
    ],
    "title": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition",
    "tracking": {
      "current_release_date": "2017-09-21T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-264-01",
      "initial_release_date": "2017-09-21T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-09-21T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-264-01 Schneider Electric InduSoft Web Studio, InTouch Machine Edition"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 8.0 SP2",
                "product": {
                  "name": "InduSoft Web Studio: v8.0 SP2 or prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "InduSoft Web Studio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 8.0 SP2",
                "product": {
                  "name": "InTouch Machine Edition: v8.0 SP2 or prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "InTouch Machine Edition"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-13997",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.CVE-2017-13997 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13997"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric recommends users using InduSoft Web Studio v8.0 SP2 or prior should upgrade and apply InduSoft Web Studio v8.0 SP2 Patch 1 as soon as possible. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://download.indusoft.com/80.2.1/IWS80.2.1.zip"
        },
        {
          "category": "vendor_fix",
          "details": "Schneider Electric recommends users using InTouch Machine Edition v8.0 SP2 or prior should upgrade and apply InTouch Machine Edition v8.0 SP2 Patch 1 as soon as possible. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22453"
        },
        {
          "category": "mitigation",
          "details": "For more information on this vulnerability and associated patch, please see InduSoft Security Bulletin LFSEC00000121 on the Schneider Electric cybersecurity web site",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://software.schneider-electric.com/support/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-13997 (GCVE-0-2017-13997)

VAR-201710-0794

GHSA-MPCF-5X9H-P6P7

GSD-2017-13997

CNVD-2017-27937

FKIE_CVE-2017-13997

ICSA-17-264-01

Tags

Sightings

Nomenclature