Vulnerabilities > CVE-2018-17914 - Unspecified vulnerability in Aveva products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

aveva

critical

NVD

Published: 2018-11-02

Updated: 2021-04-08

Summary

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva Indusoft WEB Studio 8.1 Aveva Indusoft WEB Studio 8.0 Aveva Indusoft WEB Studio 7.1 Aveva Indusoft WEB Studio 6.1 Aveva Intouch Machine Edition 2014 R2 Aveva Edge 8.1	30

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01
https://www.tenable.com/security/research/tra-2018-34