CVE Vulnerability

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01 Third Party Advisory US Government Resource
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/ Third Party Advisory
https://www.tenable.com/security/research/tra-2018-07 Third Party Advisory
http://www.securityfocus.com/bid/103949 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:industrial-software:intouch_machine_edition_2017:*:*:*:*:*:*:*:*
Information

Published : 2018-04-18 08:29

Updated : 2019-10-09 11:42

NVD link : CVE-2018-8840

Mitre link : CVE-2018-8840

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer