Vulnerabilities > CVE-2018-10620 - Out-of-bounds Write vulnerability in Aveva Indusoft web Studio and Intouch Machine 2017
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/104870
- http://www.securityfocus.com/bid/104870
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
- https://www.tenable.com/security/research/tra-2018-19
- https://www.tenable.com/security/research/tra-2018-19