Home -> Resources -> SCADA/ICS Vulnerability Reference -> InduSoft Web Studio

InduSoft Web Studio Multiple Remote Vulnerabilities

November 15, 2011

Security research Luigi Auriemma has discovered two vulnerabilities in the InduSoft Web Studio software and coordinated this disclosure with Tipping Point (part of Hewlett-Packard) as ZDI-11-329 and ZDI-11-330.

These vulnerabilities exploit unauthenticated remote code execution which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

1) An error due to the remote agent component (CEServer.exe) listening on port 4322/tcp not authenticating incoming requests can be exploited to e.g. create files or load arbitrary DLLs.

2) A boundary error within the remote agent component (CEServer.exe) when handling the remove file operation (0x15) can be exploited to cause a stack-based buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

Zero Day Initiative has coordinated with InduSoft, who has produced a patch that mitigates these vulnerabilities.

According to InduSoft, these vulnerabilities affect the following products:
-  InduSoft Web Studio Versions 6.1 and 7.0.

ICS-CERT Advisories / Alerts

ICSA-11-319-01

Vendor Website (include Patches / Hotfixes)

InduSoft Home Page
InduSoft Web Studio Product Info
InduSoft Product Trial Downloads
InduSoft Security Updates and Hotfixes

Exploit Proof-of-Concept

No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-4051
NVD CVE-2011-4051
CVE-2011-4052
NVD CVE-2011-4052

Additional Information

Open-Source Vulnerability Database #77178
Open-Source Vulnerability Database #77179
Secunia Advisory #46871
Secunia Advisory #46875
Secunia Vulnerability Report and Statistics on InduSoft Web Studio 6.x
Secunia Vulnerability Report and Statistics on InduSoft Web Studio 7.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50675
Security Focus Vulnerability Info and Exploit Bugtraq ID 50677
Zero Day Intiative - ZDI-11-329
Zero Day Intiative - ZDI-11-330

Patches for InduSoft Vulnerabilities (ISSSource)