CVE Vulnerability

CVE-2018-10628

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02 Permissions Required Patch
http://www.securityfocus.com/bid/104864 Broken Link
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127(003).pdf Permissions Required Patch
Configurations

Configuration 1

cpe:2.3:a:aveva:intouch_2017:-:update_1:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_2017:-:update_2:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_2014:r2:sp1:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_2017:-:*:*:*:*:*:*:*
cpe:2.3:a:aveva:intouch_2014:r2:*:*:*:*:*:*:*
Information

Published : 2018-07-24 06:29

Updated : 2019-10-09 11:32

NVD link : CVE-2018-10628

Mitre link : CVE-2018-10628

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer