InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01 | Mitigation Third Party Advisory US Government Resource |
https://www.tenable.com/security/research/tra-2018-34 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-11-02T13:00:00
Updated: 2018-11-03T09:57:01
Reserved: 2018-10-02T00:00:00
Link: CVE-2018-17914
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-02T13:29:00.230
Modified: 2021-04-08T18:09:17.717
Link: CVE-2018-17914
JSON object: View
Redhat Information
No data.