Vulnerability CVE-2018-17914


Published: 2018-11-02

Description:
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Aveva -> Indusoft web studio 
Aveva -> Intouch edge hmi 
Aveva -> Intouch machine edition 2014 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01
https://www.tenable.com/security/research/tra-2018-34

Copyright 2024, cxsecurity.com

 

Back to Top