CVE-2017-7968 Information

Description

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation Wonderware InduSoft Web Studio creates a new directory and two files which are placed in the system’s path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02 http://www.securityfocus.com/bid/98544 https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8