CVE-2018-10620

Опубликовано: 19 июл. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

Ссылки

http://www.securityfocus.com/bid/104870
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
Third Party Advisory
US Government Resource
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/104870
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
Third Party Advisory
US Government Resource
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*

cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*

cpe:2.3:a:aveva:intouch_machine_2017:8.1:*:*:*:*:*:*:*

cpe:2.3:a:aveva:intouch_machine_2017:8.1:sp1:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.05002

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-92qr-7f7r-87vw

CVSS3: 9.8

github

больше 3 лет назад

BDU:2018-00910

CVSS3: 9.8

fstec

больше 7 лет назад

Уязвимость компонента TCP/IP Server HMI/SCADA-систем InduSoft Web Studio и InTouch Machine Edition, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 89%

0.05002

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-121

CWE-787