CVE-2017-13997 - OpenCVE

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Wonderware Indusoft Web Studio Wonderware Intouch

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio::sp2::::::*
	cpe:2.3:a:schneider-electric:wonderware_intouch::sp2:::machine:::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100952
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-10-02T05:00:00

Updated: 2024-08-05T19:13:41.649Z

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-13997

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-03T01:29:01.857

Modified: 2019-10-09T23:23:41.827

Link: CVE-2017-13997

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition", "vendor": "n/a", "versions": [{"status": "affected", "version": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition"}]}], "datePublic": "2017-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-10-02T09:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"}, {"name": "100952", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-13997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition", "version": {"version_data": [{"version_value": "Schneider Electric InduSoft Web Studio, InTouch Machine Edition"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"}, {"name": "100952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100952"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:13:41.649Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"}, {"name": "100952", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100952"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-13997", "datePublished": "2017-10-02T05:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2024-08-05T19:13:41.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "909E4BF0-FD67-4F8B-B577-57E8E5F7A686", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:*", "matchCriteriaId": "F51870FA-9C46-4C8B-83B0-3C32B0722581", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de ausencia de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica en Schneider Electric InduSoft Web Studio v8.0 SP2 o anteriores y en InTouch Machine Edition v8.0 SP2 o anteriores. InduSoft Web Studio proporciona la capacidad para que un cliente HMI d\u00e9 lugar a la ejecuci\u00f3n de un script en el servidor para realizar c\u00e1lculos o acciones personalizados. Una entidad maliciosa remota podr\u00eda omitir la autenticaci\u00f3n del servidor y desencadenar la ejecuci\u00f3n de un comando arbitrario. El comando se ejecuta con privilegios elevados y podr\u00eda desembocar en un compromiso del servidor por completo."}], "id": "CVE-2017-13997", "lastModified": "2019-10-09T23:23:41.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-03T01:29:01.857", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100952"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}