← voltar
CVE-2017-13997

CVE-2017-13997

EPSS 5.1%CWE-306
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 5.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 out 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
Produtos afetados
n/a · Schneider Electric InduSoft Web Studio, InTouch Machine Edition

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01http://www.securityfocus.com/bid/100952