Privilege Escalation via Incorrect Default Permissions in Schneider Electric Wonderware InduSoft Web Studio

Privilege Escalation via Incorrect Default Permissions in Schneider Electric Wonderware InduSoft Web Studio

CVE-2017-7968 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.

Learn more about our Web App Pen Testing.