VAR-201710-0794
Vulnerability from variot - Updated: 2023-12-18 13:02A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. Multiple Schneider Electric Products are prone to an authentication-bypass vulnerability. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0794",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wonderware intouch",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "wonderware indusoft web studio",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "8.0 sp2 or earlier"
},
{
"model": "intouch machine",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "edition 8.0 sp2 or earlier"
},
{
"model": "electric indusoft web studio sp2",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=8.0"
},
{
"model": "electric intouch machine edition sp2",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=8.0"
},
{
"model": "wonderware indusoft web studio",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "wonderware intouch",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "intouch machine edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "indusoft web studio sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.4"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wonderware indusoft web studio",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wonderware intouch",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "BID",
"id": "100952"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Portnoy.",
"sources": [
{
"db": "BID",
"id": "100952"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
],
"trust": 0.9
},
"cve": "CVE-2017-13997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-13997",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27937",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13997",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13997",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-27937",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1090",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-13997",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. Multiple Schneider Electric Products are prone to an authentication-bypass vulnerability. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "BID",
"id": "100952"
},
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "VULMON",
"id": "CVE-2017-13997"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13997",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-264-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100952",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-27937",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427",
"trust": 0.8
},
{
"db": "IVD",
"id": "0AD8AB4D-3F4E-446E-82BB-A9142F084E36",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-13997",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"db": "BID",
"id": "100952"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"id": "VAR-201710-0794",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
}
],
"trust": 1.6507751750000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
}
]
},
"last_update_date": "2023-12-18T13:02:52.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LFSEC00000124",
"trust": 0.8,
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000124/"
},
{
"title": "Patch for Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/102615"
},
{
"title": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-264-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100952"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13997"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13997"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"db": "BID",
"id": "100952"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"db": "BID",
"id": "100952"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100952"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"date": "2017-10-03T01:29:01.857000",
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27937"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13997"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100952"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009427"
},
{
"date": "2019-10-09T23:23:41.827000",
"db": "NVD",
"id": "CVE-2017-13997"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009427"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "0ad8ab4d-3f4e-446e-82bb-a9142f084e36"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1090"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…