Lucene search

K
cve[email protected]CVE-2018-17914
HistoryNov 02, 2018 - 1:29 p.m.

CVE-2018-17914

2018-11-0213:29:00
CWE-258
web.nvd.nist.gov
25
2
cve
2018
17914
indusoft web studio
intouch edge hmi
vulnerability
code execution
unauthenticated user
nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.6%

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.

Affected configurations

NVD
Node
avevaindusoft_web_studioMatch6.1sp5
OR
avevaindusoft_web_studioMatch6.1sp6_p3
OR
avevaindusoft_web_studioMatch7.1
OR
avevaindusoft_web_studioMatch7.1sp1
OR
avevaindusoft_web_studioMatch7.1sp2
OR
avevaindusoft_web_studioMatch7.1sp3
OR
avevaindusoft_web_studioMatch7.1sp3_p1
OR
avevaindusoft_web_studioMatch7.1sp3_p2
OR
avevaindusoft_web_studioMatch7.1sp3_p3
OR
avevaindusoft_web_studioMatch7.1sp3_p4
OR
avevaindusoft_web_studioMatch7.1sp3_p5
OR
avevaindusoft_web_studioMatch7.1sp3_p6
OR
avevaindusoft_web_studioMatch7.1sp3_p7
OR
avevaindusoft_web_studioMatch7.1sp3_p8
OR
avevaindusoft_web_studioMatch7.1sp3_p9
OR
avevaindusoft_web_studioMatch8.0
OR
avevaindusoft_web_studioMatch8.0p1
OR
avevaindusoft_web_studioMatch8.0p2
OR
avevaindusoft_web_studioMatch8.0p3
OR
avevaindusoft_web_studioMatch8.0sp1
OR
avevaindusoft_web_studioMatch8.0sp1_p1
OR
avevaindusoft_web_studioMatch8.0sp2
OR
avevaindusoft_web_studioMatch8.0sp2_p1
OR
avevaindusoft_web_studioMatch8.1
OR
avevaindusoft_web_studioMatch8.1p1
OR
avevaindusoft_web_studioMatch8.1sp1
OR
avevaindusoft_web_studioMatch8.1sp1_p1
Node
avevaedgeMatch8.1-
OR
avevaedgeMatch8.1sp1
OR
avevaintouch_machine_edition_2014Matchr2

CNA Affected

[
  {
    "product": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
    "vendor": "unknown",
    "versions": [
      {
        "status": "affected",
        "version": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
      }
    ]
  }
]

Social References

More

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.6%

Related for CVE-2018-17914