Description
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nin3 · pythonwebappswindows
https://www.exploit-db.com/exploits/23132
References (1)
Core 1
Core References
Various Sources x_refsource_misc
http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf
Scores
EPSS
0.0898
EPSS Percentile
92.6%
Details
CWE
CWE-22
Status
published
Products (4)
advantech/advantech_studio
6.1 (2 CPE variants)
indusoft/web_studio
6.1 (2 CPE variants)
indusoft/web_studio
7.0
indusoft/web_studio
7.0b2 hotfix7.0.01.04
Published
Mar 11, 2013
Tracked Since
Feb 18, 2026