Details of VAR-201710-0794

ID

VAR-201710-0794

CVE

CVE-2017-13997

TITLE

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-009427

DESCRIPTION

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. Multiple Schneider Electric Products are prone to an authentication-bypass vulnerability. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2017-13997 // JVNDB: JVNDB-2017-009427 // CNVD: CNVD-2017-27937 // BID: 100952 // IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // VULMON: CVE-2017-13997

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // CNVD: CNVD-2017-27937

AFFECTED PRODUCTS

vendor:	schneider electric	model:	wonderware indusoft web studio	scope:	lte	version:	8.0	Trust: 1.0
vendor:	schneider electric	model:	wonderware intouch	scope:	lte	version:	8.0	Trust: 1.0
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	8.0 sp2 or earlier	Trust: 0.8
vendor:	schneider electric	model:	intouch machine	scope:	eq	version:	edition 8.0 sp2 or earlier	Trust: 0.8
vendor:	schneider	model:	electric indusoft web studio sp2	scope:	lte	version:	<=8.0	Trust: 0.6
vendor:	schneider	model:	electric intouch machine edition sp2	scope:	lte	version:	<=8.0	Trust: 0.6
vendor:	schneider electric	model:	wonderware indusoft web studio	scope:	eq	version:	8.0	Trust: 0.6
vendor:	schneider electric	model:	wonderware intouch	scope:	eq	version:	8.0	Trust: 0.6
vendor:	schneider electric	model:	intouch machine edition sp2	scope:	eq	version:	8.0	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2	scope:	eq	version:	8.0	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.4	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.2	Trust: 0.3
vendor:	wonderware indusoft web studio	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wonderware intouch	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // CNVD: CNVD-2017-27937 // BID: 100952 // JVNDB: JVNDB-2017-009427 // CNNVD: CNNVD-201709-1090 // NVD: CVE-2017-13997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13997
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-13997
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-27937
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-1090
value:	CRITICAL
Trust: 0.6
IVD:	0ad8ab4d-3f4e-446e-82bb-a9142f084e36
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2017-13997
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-13997
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-27937
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0ad8ab4d-3f4e-446e-82bb-a9142f084e36
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-13997
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // CNVD: CNVD-2017-27937 // VULMON: CVE-2017-13997 // JVNDB: JVNDB-2017-009427 // CNNVD: CNNVD-201709-1090 // NVD: CVE-2017-13997

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2017-009427 // NVD: CVE-2017-13997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1090

TYPE

Access control error

Trust: 0.8

sources: IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // CNNVD: CNNVD-201709-1090

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009427

PATCH

title:	LFSEC00000124	url:	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000124/	Trust: 0.8
title:	Patch for Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/102615	Trust: 0.6
title:	Schneider Electric InduSoft Web Studio and InTouch Machine Edition Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75077	Trust: 0.6

sources: CNVD: CNVD-2017-27937 // JVNDB: JVNDB-2017-009427 // CNNVD: CNNVD-201709-1090

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13997	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-264-01	Trust: 3.4
db:	BID	id:	100952	Trust: 2.0
db:	CNVD	id:	CNVD-2017-27937	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1090	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009427	Trust: 0.8
db:	IVD	id:	0AD8AB4D-3F4E-446E-82BB-A9142F084E36	Trust: 0.2
db:	VULMON	id:	CVE-2017-13997	Trust: 0.1

sources: IVD: 0ad8ab4d-3f4e-446e-82bb-a9142f084e36 // CNVD: CNVD-2017-27937 // VULMON: CVE-2017-13997 // BID: 100952 // JVNDB: JVNDB-2017-009427 // CNNVD: CNNVD-201709-1090 // NVD: CVE-2017-13997

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-264-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/100952	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13997	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13997	Trust: 0.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-27937 // VULMON: CVE-2017-13997 // BID: 100952 // JVNDB: JVNDB-2017-009427 // CNNVD: CNNVD-201709-1090 // NVD: CVE-2017-13997

CREDITS

Aaron Portnoy.

Trust: 0.9

sources: BID: 100952 // CNNVD: CNNVD-201709-1090

SOURCES

db:	IVD	id:	0ad8ab4d-3f4e-446e-82bb-a9142f084e36
db:	CNVD	id:	CNVD-2017-27937
db:	VULMON	id:	CVE-2017-13997
db:	BID	id:	100952
db:	JVNDB	id:	JVNDB-2017-009427
db:	CNNVD	id:	CNNVD-201709-1090
db:	NVD	id:	CVE-2017-13997

LAST UPDATE DATE

2025-04-20T23:32:03.965000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-27937	date:	2017-09-22T00:00:00
db:	VULMON	id:	CVE-2017-13997	date:	2019-10-09T00:00:00
db:	BID	id:	100952	date:	2017-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-009427	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201709-1090	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-13997	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	0ad8ab4d-3f4e-446e-82bb-a9142f084e36	date:	2017-09-22T00:00:00
db:	CNVD	id:	CNVD-2017-27937	date:	2017-09-22T00:00:00
db:	VULMON	id:	CVE-2017-13997	date:	2017-10-03T00:00:00
db:	BID	id:	100952	date:	2017-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-009427	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201709-1090	date:	2017-09-26T00:00:00
db:	NVD	id:	CVE-2017-13997	date:	2017-10-03T01:29:01.857