Details of VAR-201105-0111

ID

VAR-201105-0111

CVE

CVE-2011-1900

TITLE

InduSoft Web Studio Directory Traversal Vulnerability

Trust: 1.1

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1873 // BID: 47842

DESCRIPTION

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request. Indusoft Web Studio is a powerful graphics control software. A remote attacker can exploit the vulnerability to view system file information in the application context. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2011-1900 // JVNDB: JVNDB-2011-004589 // CNVD: CNVD-2011-1873 // BID: 47842 // IVD: 02c7c484-2355-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1873

AFFECTED PRODUCTS

vendor:	indusoft	model:	web studio	scope:	eq	version:	6.1	Trust: 2.5
vendor:	indusoft	model:	web studio	scope:	eq	version:	7.0	Trust: 2.5
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	6.1 and 7.0	Trust: 0.8
vendor:	indusoft	model:	web studio	scope:	ne	version:	7.0.104	Trust: 0.3
vendor:	web studio	model:	-	scope:	eq	version:	6.1	Trust: 0.2
vendor:	web studio	model:	-	scope:	eq	version:	7.0	Trust: 0.2

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1873 // BID: 47842 // JVNDB: JVNDB-2011-004589 // CNNVD: CNNVD-201105-059 // NVD: CVE-2011-1900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1900
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-1900
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201105-059
value:	CRITICAL
Trust: 0.6
IVD:	02c7c484-2355-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2011-1900
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	02c7c484-2355-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-004589 // CNNVD: CNNVD-201105-059 // NVD: CVE-2011-1900

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-004589 // NVD: CVE-2011-1900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-059

TYPE

Path traversal

Trust: 0.8

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201105-059

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004589

PATCH

title:	Security Updates and Hotfixes	url:	http://www.indusoft.com/Login?returnurl=%2fProducts-Downloads%2fSecurity-Hotfix-Updates	Trust: 0.8
title:	InduSoft Web Studio Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/3873	Trust: 0.6

sources: CNVD: CNVD-2011-1873 // JVNDB: JVNDB-2011-004589

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1900	Trust: 3.5
db:	CNVD	id:	CNVD-2011-1873	Trust: 0.8
db:	CNNVD	id:	CNNVD-201105-059	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-004589	Trust: 0.8
db:	NSFOCUS	id:	21045	Trust: 0.6
db:	BID	id:	47842	Trust: 0.3
db:	IVD	id:	02C7C484-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 02c7c484-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1873 // BID: 47842 // JVNDB: JVNDB-2011-004589 // CNNVD: CNNVD-201105-059 // NVD: CVE-2011-1900

REFERENCES

url:	http://www.indusoft.com/hotfixes/hotfixes.php	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1900	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1900	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/21045	Trust: 0.6
url:	http://www.indusoft.com/	Trust: 0.3

sources: CNVD: CNVD-2011-1873 // BID: 47842 // JVNDB: JVNDB-2011-004589 // CNNVD: CNNVD-201105-059 // NVD: CVE-2011-1900

CREDITS

Indusoft

Trust: 0.3

sources: BID: 47842

SOURCES

db:	IVD	id:	02c7c484-2355-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1873
db:	BID	id:	47842
db:	JVNDB	id:	JVNDB-2011-004589
db:	CNNVD	id:	CNNVD-201105-059
db:	NVD	id:	CVE-2011-1900

LAST UPDATE DATE

2025-04-11T22:59:28.081000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1873	date:	2011-05-16T00:00:00
db:	BID	id:	47842	date:	2011-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-004589	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201105-059	date:	2011-05-06T00:00:00
db:	NVD	id:	CVE-2011-1900	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	02c7c484-2355-11e6-abef-000c29c66e3d	date:	2011-05-16T00:00:00
db:	CNVD	id:	CNVD-2011-1873	date:	2011-05-16T00:00:00
db:	BID	id:	47842	date:	2011-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-004589	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201105-059	date:	2011-05-05T00:00:00
db:	NVD	id:	CVE-2011-1900	date:	2011-05-04T22:55:03.687