CVE-2018-10620

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_machine_2017:8.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_machine_2017:8.1:sp1:*:*:*:*:*:*

History

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf', 'name': 'https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf', 'tags': ['Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf -

Information

Published : 2018-07-19 19:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-10620

Mitre link : CVE-2018-10620

CVE.ORG link : CVE-2018-10620


JSON object : View

Products Affected

aveva

  • indusoft_web_studio
  • intouch_machine_2017
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow