Vulnerability Description
In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Indusoft Web Studio | 8.1 |
| Aveva | Intouch Machine 2017 | 8.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104870 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 (Third Party Advisory, US Government Resource)
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LF
- https://www.tenable.com/security/research/tra-2018-19 (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-10620?
CVE-2018-10620 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnera...
How severe is CVE-2018-10620?
CVE-2018-10620 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10620?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Indusoft Web Studio, Aveva Intouch Machine 2017.