The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling certain command messages to the TCPIP server listening on the default port 1234. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to execute arbitrary code.
Binary data scada_aveva_iws_iteh_unisoft_stack_overflow.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
aveva | intouch_edge_hmi | x-cpe:/a:aveva:intouch_edge_hmi | |
schneider_electric | wonderware_intouch_machine_edition | x-cpe:/a:schneider_electric:wonderware_intouch_machine_edition | |
schneider_electric | indusoft_web_studio | cpe:/a:schneider_electric:indusoft_web_studio |