Stack-based Buffer Overflow in InduSoft Web Studio and InTouch Edge HMI
CVE-2018-17916
What is CVE-2018-17916?
A stack-based buffer overflow vulnerability exists in InduSoft Web Studio and InTouch Edge HMI. A remote attacker can trigger it by sending a crafted packet during tag, alarm, or event-related actions. If the remote communication security of InduSoft Web Studio is disabled or the password is not set, the attacker could execute arbitrary code with the privileges of the affected runtime, which can lead to compromise of the InduSoft Web Studio or InTouch Edge HMI server.
Affected Version(s)
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2
EPSS Score
11% chance of being exploited in the next 30 days.