QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-13997

Back to search

CVE-2017-13997

Published: Oct 2, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.

VendorProductVersions

n/a

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

affected
Schneider Electric InduSoft Web Studio, InTouch Machine Edition

Weaknesses (CWE)

CWE-306

References

100952
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now