Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Fixes

Solution

InduSoft did not intend for this web server to be used in real applications. It was provided as demonstration/training software (as stated in user manuals). They have created a mitigation for this vulnerability in InduSoft Web Studio v7.1+Service Pack 2+ Patch 4. Users may obtain this patch at the following location (you must be logged into your InduSoft account):  http://download.indusoft.com/71.2.4/IWS71.2.4.zip InduSoft technical support can be contacted at: support@indusoft.com .


Workaround

No workaround given by the vendor.

History

Thu, 25 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Title InduSoft Web Studio Path Traversal
References

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-04-15'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-09-25T17:16:50.255Z

Reserved: 2014-01-02T00:00:00.000Z

Link: CVE-2014-0780

cve-icon Vulnrichment

Updated: 2024-08-06T09:27:19.473Z

cve-icon NVD

Status : Deferred

Published: 2014-04-25T05:12:07.787

Modified: 2025-09-25T18:15:33.943

Link: CVE-2014-0780

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.