Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-13997

EPSS 1.59% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-13997

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric InduSoft Web Studio和InTouch Machine Edition 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric InduSoft Web Studio和InTouch Machine Edition都是法国施耐德电气(Schneider Electric)公司的嵌入式HMI软件包。该产品为HMI客户端提供读取、写入标签和事件监控功能。 Schneider Electric InduSoft Web Studio 8.0 SP2及之前的版本和InTouch Machine Edition 8.0 SP2及之前的版本中存在身份验证绕过漏洞。远程攻击者可利用该漏洞绕过身份验证机制,执
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Schneider Electric InduSoft Web Studio, InTouch Machine Edition Schneider Electric InduSoft Web Studio, InTouch Machine Edition -

II. Public POCs for CVE-2017-13997

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-13997

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-10-02 · 50 CVEs total

CVE-2017-14979Gxlcms 安全漏洞
CVE-2017-9538SolarWinds Network Performance Monitor 安全漏洞
CVE-2017-14988Industrial Light and Magic OpenEXR 资源管理错误漏洞
CVE-2017-14989ImageMagick 安全漏洞
CVE-2017-8018EMC AppSync Host插件安全漏洞
CVE-2017-8021EMC Elastic Cloud Storage 安全漏洞
CVE-2017-14981ATutor 跨站脚本漏洞
CVE-2017-14985EyesOfNetwork web interface 跨站脚本漏洞
CVE-2017-6089PhpCollab SQL注入漏洞
CVE-2017-14990WordPress 加密问题漏洞
CVE-2017-6090PhpCollab 安全漏洞
CVE-2017-14759OpenText Document Sciences xPression 安全漏洞
CVE-2017-14758OpenText Document Sciences xPression SQL注入漏洞
CVE-2017-14757OpenText Document Sciences xPression SQL注入漏洞
CVE-2017-14756OpenText Document Sciences xPression 跨站脚本漏洞
CVE-2017-14755OpenText Document Sciences xPression 跨站脚本漏洞
CVE-2017-14754OpenText Document Sciences xPression 路径遍历漏洞
CVE-2017-11322UCOPIA Wireless Appliance 权限许可和访问控制问题漏洞
CVE-2017-11321UCOPIA Wireless Appliance 安全漏洞
CVE-2015-7980Drupal Compass Rose模块跨站脚本漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-306

V. Comments for CVE-2017-13997

No comments yet

Leave a comment