CVE-2018-10620

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_machine_2017:8.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_machine_2017:8.1:sp1:*:*:*:*:*:*

History

21 Nov 2024, 03:41

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/104870 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104870 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 - Third Party Advisory, US Government Resource
References () https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf - () https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf -
References () https://www.tenable.com/security/research/tra-2018-19 - Exploit, Third Party Advisory () https://www.tenable.com/security/research/tra-2018-19 - Exploit, Third Party Advisory

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf', 'name': 'https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf', 'tags': ['Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf -

Information

Published : 2018-07-19 19:29

Updated : 2024-11-21 03:41


NVD link : CVE-2018-10620

Mitre link : CVE-2018-10620

CVE.ORG link : CVE-2018-10620


JSON object : View

Products Affected

aveva

  • intouch_machine_2017
  • indusoft_web_studio
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write