CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-10620

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.087

EPSS Ranking 92.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/104870
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19
http://www.securityfocus.com/bid/104870
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
https://www.tenable.com/security/research/tra-2018-19

Products affected by CVE-2018-10620

Aveva » Indusoft Web Studio » Version: 8.1

cpe:2.3:a:aveva:indusoft_web_studio:8.1
Aveva » Intouch Machine 2017 » Version: 8.1

cpe:2.3:a:aveva:intouch_machine_2017:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-10620

Products

Pricing

Contact Us