Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Schneider Electric InduSoft Web Studio和InTouch Machine Edition 安全漏洞
Vulnerability Description
Schneider Electric InduSoft Web Studio和InTouch Machine Edition都是法国施耐德电气(Schneider Electric)公司的嵌入式HMI软件包。该产品为HMI客户端提供读取、写入标签和事件监控功能。 Schneider Electric InduSoft Web Studio 8.0 SP2及之前的版本和InTouch Machine Edition 8.0 SP2及之前的版本中存在身份验证绕过漏洞。远程攻击者可利用该漏洞绕过身份验证机制,执
CVSS Information
N/A
Vulnerability Type
N/A