CVE-2018-8840

🗓️ 18 Apr 2018 20:00:00Reported by icscertType

Remote code execution vulnerability in InduSoft Web Studio and InTouch Machine Editio

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2018-8840	18 Apr 201820:29	–	attackerkb
BDU FSTEC	The vulnerability of HMI/SCADA systems provided by InduSoft Web Studio and InTouch Machine Edition arises from buffer overflows in the stack. This allows attackers to execute arbitrary code.	14 Jun 201800:00	–	bdu_fstec
CNVD	Schneider Electric InduSoft Web Studio and InTouch Machine Editiony Buffer Overflow Vulnerability	19 Apr 201800:00	–	cnvd
Check Point Advisories	Aveva Indusoft Web Studio Remote Code Execution (CVE-2018-8840)	29 Dec 201900:00	–	checkpoint_advisories
CVE	CVE-2018-8840	18 Apr 201820:00	–	cve
ICS	Schneider Electric InduSoft Web Studio and InTouch Machine Edition	17 Apr 201800:00	–	ics
NVD	CVE-2018-8840	18 Apr 201820:29	–	nvd
Prion	Remote code execution	18 Apr 201820:29	–	prion
Tenable Nessus	Schneider Electric InTouch Machine Edition RCE (Apr 2018)	18 Apr 201800:00	–	nessus
Tenable Nessus	Schneider Electric InduSoft Web Studio / InTouch Machine Edition Opcode 50 mbstowcs() Stack Overflow	23 Apr 201800:00	–	nessus

[
  {
    "product": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition",
    "vendor": "ICS-CERT",
    "versions": [
      {
        "status": "affected",
        "version": "InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions."
      }
    ]
  }
]

Source	Link
tenable	www.tenable.com/security/research/tra-2018-07
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-107-01
software	www.software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/
securityfocus	www.securityfocus.com/bid/103949

24 Apr 2018 09:57Current

9.6High risk

Vulners AI Score9.6

EPSS0.3757

CWE-121