Vulnerabilities > CVE-2018-10620 - Out-of-bounds Write vulnerability in Aveva Indusoft web Studio and Intouch Machine 2017

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

aveva

CWE-787

critical

NVD

Published: 2018-07-19

Updated: 2023-11-07

Summary

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva Intouch Machine 2017 8.1 Aveva Indusoft WEB Studio 8.1	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
https://www.tenable.com/security/research/tra-2018-19
http://www.securityfocus.com/bid/104870
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf