VAR-201404-0551
Vulnerability from variot - Updated: 2024-01-18 23:02Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks. InduSoft Web Studio 7.1 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0551",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web studio",
"scope": "eq",
"trust": 2.2,
"vendor": "indusoft",
"version": "7.1"
},
{
"model": "web studio",
"scope": "lte",
"trust": 1.0,
"vendor": "indusoft",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "web studio",
"version": "7.1"
},
{
"model": "indusoft web studio",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.1 thats all 7.1 sp2 patch 4"
},
{
"model": "webstudio",
"scope": null,
"trust": 0.7,
"vendor": "indusoft",
"version": null
},
{
"model": "web studio sp2",
"scope": "lte",
"trust": 0.6,
"vendor": "indusoft",
"version": "\u003c=7.1"
},
{
"model": "web studio sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "indusoft",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "web studio",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:indusoft:web_studio:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:indusoft:web_studio:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:indusoft:web_studio:7.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Leitch",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "BID",
"id": "67056"
}
],
"trust": 1.0
},
"cve": "CVE-2014-0780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0780",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02688",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d76c350-463f-11e9-b69f-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "236decfa-1edb-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0780",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-0780",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02688",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-504",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0780",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nExploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks. \nInduSoft Web Studio 7.1 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0780"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "BID",
"id": "67056"
},
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42699",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0780"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0780",
"trust": 4.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-107-02",
"trust": 3.1
},
{
"db": "BID",
"id": "67056",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "42699",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-02688",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2108",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-118",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "105551",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D76C350-463F-11E9-B69F-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "236DECFA-1EDB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2014-0780",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"db": "BID",
"id": "67056"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"id": "VAR-201404-0551",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
}
],
"trust": 1.58893775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
}
]
},
"last_update_date": "2024-01-18T23:02:11.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "InduSoft",
"trust": 0.8,
"url": "http://www.indusoft.com/"
},
{
"title": "Indusoft has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-107-02"
},
{
"title": "InduSoft Web Studio NTWebServer Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45216"
},
{
"title": "IWS71.2.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49642"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/ostorlab/kev "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-107-02"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42699/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67056"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0780"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-107-02 "
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0780"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/105551"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ostorlab/kev"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"db": "BID",
"id": "67056"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"db": "BID",
"id": "67056"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"date": "2014-04-29T00:00:00",
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"date": "2014-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"date": "2014-04-25T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"date": "2014-04-24T00:00:00",
"db": "BID",
"id": "67056"
},
{
"date": "2014-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"date": "2014-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"date": "2014-04-25T05:12:07.787000",
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-02T00:00:00",
"db": "ZDI",
"id": "ZDI-14-118"
},
{
"date": "2014-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02688"
},
{
"date": "2017-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0780"
},
{
"date": "2014-05-21T01:02:00",
"db": "BID",
"id": "67056"
},
{
"date": "2014-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002261"
},
{
"date": "2014-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-504"
},
{
"date": "2017-09-16T01:29:00.513000",
"db": "NVD",
"id": "CVE-2014-0780"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InduSoft Web Studio NTWebServer Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02688"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "7d76c350-463f-11e9-b69f-000c29342cb1"
},
{
"db": "IVD",
"id": "236decfa-1edb-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-504"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…