CVE-2018-10620

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
avevaindusoft_web_studio
8.1
avevaindusoft_web_studio
8.1:sp1
avevaintouch_machine_2017
8.1
avevaintouch_machine_2017
8.1:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104870
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19
http://www.securityfocus.com/bid/104870
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19