Vulnerabilities > Indusoft > High

DATE CVE VULNERABILITY TITLE RISK
2015-09-25 CVE-2015-7375 Improper Input Validation vulnerability in Indusoft web Studio 6.1/7.0/7.1
Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.
network
low complexity
indusoft CWE-20
7.5
2015-09-25 CVE-2015-7374 Improper Input Validation vulnerability in Indusoft web Studio 6.1/7.0/7.1
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.
network
low complexity
indusoft CWE-20
7.5
2013-03-11 CVE-2013-1627 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
network
low complexity
advantech indusoft CWE-22
7.8