CVE-2013-1627
Published Mar 11, 2013
Last updated 12 years ago
Overview
- Description
- Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FDDF09B-92F4-4CAC-8897-07C281ACCF65"
},
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:sp6_61.6.01.05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D2F2836-EF2C-4110-8740-0F32957B0FCA"
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82BF1958-F098-4E55-B97C-F15253A63228"
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:sp6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88A43470-16F3-4B89-A8A3-8B77880A315D"
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9033E5E6-3FC5-448A-BA52-A03DDEA638A6"
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:7.0b2:hotfix7.0.01.04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FB9C6B8-8C0B-4AD1-9F20-034F3A025C19"
}
],
"operator": "OR"
}
]
}
]