Buffer Overflow Vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition
CVE-2018-10620

9.8 CRITICAL

What is CVE-2018-10620?

AVEVA InduSoft Web Studio and InTouch Machine Edition contain a stack-based buffer overflow that a remote attacker can trigger by sending carefully crafted packets during tag, alarm, or event actions such as reading and writing. Successful exploitation could allow arbitrary code execution. Addressing this vulnerability is crucial to safeguard sensitive industrial control systems and prevent unauthorized access.

Affected Version(s)

InduSoft Web Studio v8.1 and v8.1SP1

InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
