Buffer Overflow Vulnerability in AVEVA InTouch Products
CVE-2018-10628

9.8CRITICAL

Key Information:

Vendor

Aveva Software, Llc.

Status
Intouch
Vendor
CVE Published:
24 July 2018

What is CVE-2018-10628?

The vulnerability allows an unauthenticated user to exploit AVEVA InTouch products by sending a specially crafted packet. This packet can cause a buffer overflow on locales that do not utilize a dot as a floating point separator. If successfully exploited, this could result in remote code execution under the privileges of the InTouch View process, potentially compromising system integrity and control.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

InTouch 2014 R2 SP1 and prior

InTouch 2017

InTouch 2017 Update 1

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02
x_refsource_MISC
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulle...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104864
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.