CVE-2013-1627

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.

Published: Mar 11, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1627
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
indusoft / web_studio	6.1	6.1.x
advantech / advantech_studio	6.1	6.1.x
advantech / advantech_studio	6.1-sp6_61.6.01.05	6.1-sp6_61.6.01.05.x
indusoft / web_studio	7.0b2-hotfix7.0.01.04	7.0b2-hotfix7.0.01.04.x
indusoft / web_studio	6.1-sp6	6.1-sp6.x
indusoft / web_studio	7.0	7.0.x

http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf

Vulnerability Database

289,697

CVE-2013-1627