CVE-2014-0780 — InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

2022-04-15 • CISA Known Exploited Vulnerability

[event] InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	InduSoft
Product	Web Studio
CWE	CWE-22
CVE ID	CVE-2014-0780
Date Added	2022-04-15
Due Date	2022-05-06
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-06

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2014-0780