← Back to home
ICSA-14-107-02  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

InduSoft Web Studio Directory Traversal Vulnerability

CVSS 9.8 CRITICAL CISA KEV — Known Exploited

CVEs (1)

Remediations

  • InduSoft did not intend for this web server to be used in real applications. It was provided as demonstration/training software (as stated in user manuals). They have created a mitigation for this vulnerability in InduSoft Web Studio v7.1+Service Pack 2+ Patch 4. Users may obtain this patch at the following location (you must be logged into your InduSoft account): (http://download.indusoft.com/71.2.4/IWS71.2.4.zip)
  • InduSoft technical support can be contacted at: (mailto:[email protected])

Affected Vendors

InduSoft

Affected Products (1)

InduSoft · Web Studio 7.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more