Remote Code Execution Vulnerability in InduSoft Web Studio and InTouch Edge HMI by InduSoft
CVE-2018-17914

9.8CRITICAL

Key Information:

Vendor: Unknown
Status: Indusoft Web Studio, And Intouch Edge Hmi (formerly Intouch Machine Edition)
Vendor: CVE Published:; 2 November 2018

What is CVE-2018-17914?

A vulnerability in InduSoft Web Studio and InTouch Edge HMI allows an unauthenticated user to remotely execute code, potentially gaining unauthorized access to system resources and data. This exposure impacts applications running prior to specified versions, which utilize these platforms for industrial control and automation tasks. Proper security measures should be implemented to mitigate potential risks associated with this vulnerability.

Affected Version(s)

InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition) InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01

x_refsource_MISC

https://www.tenable.com/security/research/tra-2018-34

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2018
Vulnerability Reserved
Oct 2, 2018

Unknown

What is CVE-2018-17914?

Affected Version(s)

References

CVSS V3.1

Timeline