AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104870 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 | Third Party Advisory US Government Resource |
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf | |
https://www.tenable.com/security/research/tra-2018-19 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-07-19T00:00:00
Updated: 2018-07-27T09:57:01
Reserved: 2018-05-01T00:00:00
Link: CVE-2018-10620
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-19T19:29:00.217
Modified: 2023-11-07T02:51:30.897
Link: CVE-2018-10620
JSON object: View
Redhat Information
No data.