CVE-2017-7968

CVE-2017-7968

Vendor N/A
Product Schneider Electric Wonderware InduSoft Web Studio
Weakness CWE-276
Published May 19, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.

Key dates

02Disclosure timeline

May 19, 2017 CVE published
August 5, 2024 Record updated