CVE-2017-7968

Published: May 19, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.

Affected (1)

Products: Schneider Electric: Wonderware Indusoft Web Studio

Schneider Electric

1 product

Wonderware Indusoft Web Studio

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Wonderware Indusoft Web Studio	Up to 8.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02

Source: cybersecurity@se.com

Vendor Advisory

http://www.securityfocus.com/bid/98544

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02

Source: cybersecurity@se.com

Third Party AdvisoryUS Government Resource

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/98544

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.