exploitDog

GHSA-794x-w4ff-7p84

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Ссылки

EPSS

Процентиль: 97%

0.3757

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-8840

CVSS3: 9.8

nvd

почти 8 лет назад

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

BDU:2018-00788

CVSS3: 9.8

fstec

почти 8 лет назад

Уязвимость HMI/SCADA-систем InduSoft Web Studio и InTouch Machine Edition, вызванная переполнением буфера на стеке, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%

0.3757

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-119