12 matches found
CVE-2014-0780
CVE-2014-0780 affects InduSoft Web Studio NTWebServer in version 7.1 prior to SP2 Patch 4. The NTWebServer directory traversal flaw lets remote attackers read APP password files and can lead to remote code execution. Exploitation is described as remote and not requiring authentication, enabling u...
CVE-2011-0340
CVE-2011-0340 affects the InduSoft ISSymbol ActiveX control (ISSymbol.ocx) and related InduSoft/Web Studio components. The root cause is heap-based buffer overflows triggered by overly long strings in properties InternationalOrder, InternationalSeparator, LogFileName, or in the OpenScreen method’...
CVE-2011-4051
CVE-2011-4051 affects InduSoft Web Studio Remote Agent (CEServer component) and is due to lack of authentication for incoming requests, enabling unauthenticated remote code execution via file creation, DLL loading, and process control. Public sightings indicate exploit tooling and PoCs exist (e.g...
CVE-2013-1627
The CVE-2013-1627 entry describes a directory traversal (CWE-22) in NTWebServer.exe used by InduSoft Studio 7.0 and Advantech Studio 7.0 and earlier. The vulnerability allows remote attackers to read arbitrary files by supplying a full pathname to the sub_401A90 CreateFileW call, enabling potenti...
CVE-2015-1009
CVE-2015-1009 affects Schneider Electric InduSoft Web Studio (before v7.1.3.5 Patch 5) and Wonderware InTouch Machine Edition (through 7.1 SP3 Patch 4). The vulnerability is information disclosure: project-window passwords are stored in clear text in the configuration file, enabling local users t...
CVE-2011-0488
CVE-2011-0488 is a stack-based buffer overflow in NTWebServer.exe (InduSoft NTWebServer) shipped with Advantech Studio 6.1 and InduSoft Web Studio 7.0. The vulnerability is triggered by requests larger than 2048 bytes to TCP port 80, allowing remote attackers to cause a denial of service (daemon crash) ...
CVE-2011-1900
CVE-2011-1900 describes a directory traversal flaw in the NTWebServer component of InduSoft Web Studio (versions 6.1 and 7.x prior to 7.0+Patch 1). The vulnerability allows remote attackers to execute arbitrary code via an invalid request, effectively impacting systems running affected builds. Ro...
CVE-2018-8840
The CVE-2018-8840 issue is a stack-based buffer overflow in Schneider Electric InduSoft Web Studio (v8.1 and earlier) and InTouch Machine Edition 2017 (v8.1 and earlier). The vulnerability allows a remote attacker to trigger arbitrary code execution by sending a crafted packet during tag, alarm, ...
CVE-2011-4052
CVE-2011-4052 affects InduSoft Web Studio (CEServer.exe in the CEServer component, Remote Agent) with versions 6.1 and 7.0. The vulnerability arises from a stack-based buffer overflow triggered by a crafted 0x15 (Remove File) operation on a long file name, allowing remote attackers to execute arb...
CVE-2015-7374
CVE-2015-7374 affects Schneider Electric InduSoft Web Studio via the Remote Agent component (Windows). The vulnerability enables remote code execution due to lack of authentication on the Remote Agent service (TCP port 1234), allowing remote API calls to be executed with the process’s privileges....
CVE-2011-0342
Summary (CVE-2011-0342): InduSoft ISSymbol ActiveX control (ISSymbol.ocx 301.1104.601.0) in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 is affected. Boundary- or heap/stack-based buffer overflows occur when processing the Open, Close, or SetCurrentLanguage methods due to overly long strings, allo...
CVE-2015-7375
Schneider Electric InduSoft Web Studio is affected by CVE-2015-7375. The vulnerability arises in the handling and parsing of InduSoft project files, allowing remote code execution or a denial of service (unhandled runtime exception and application crash) in InduSoft Web Studio before version 8.0. Pub...