Lucene search
K

73 matches found

ThreatPost
ThreatPost
added 2018/05/02 2:13 p.m.35 views

Schneider Electric Patches Critical RCE Vulnerability

Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control related products that could give attackers the ability to disrupt or shut down plant operations. Tenable Research, who discovered the vulnerability CVE-2018-8840 and created a...

10CVSS0.4AI score0.08431EPSS
Exploits0References9
exploitpack
exploitpack
added 2018/05/02 12:0 a.m.29 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service What do you need to know? Tenable Research has discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. What's the attack vector? The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.45 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

What do you need to know? Tenable Research has discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. What's the attack vector? The vulnerability can be remotely exploited without authentication to execute arbitrary...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/23 12:0 a.m.18 views

Schneider Electric InduSoft Web Studio / InTouch Machine Edition Opcode 50 mbstowcs() Stack Overflow

Binary data scadaschneiderelectriciwsitmeopcode50stackoverflow.nbin...

10CVSS7.3AI score0.08431EPSS
Exploits0References3
CNVD
CNVD
added 2018/04/19 12:0 a.m.6 views

Schneider Electric InduSoft Web Studio and InTouch Machine Editiony Buffer Overflow Vulnerability

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric France. The products provide HMI clients with read and write tagging and event monitoring capabilities. A stack-based buffer overflow vulnerability exists in Schneide...

10CVSS7.6AI score0.08431EPSS
Exploits0References1
OSV
OSV
added 2018/04/18 8:29 p.m.4 views

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...

9.8CVSS6AI score0.08431EPSS
Exploits0References4
NVD
NVD
added 2018/04/18 8:29 p.m.20 views

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...

10CVSS9.7AI score0.08431EPSS
Exploits0References4
Prion
Prion
added 2018/04/18 8:29 p.m.17 views

Remote code execution

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...

10CVSS9.5AI score0.08431EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2018/04/18 8:29 p.m.5 views

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...

10CVSS6AI score0.08431EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2018/04/18 8:0 p.m.19 views

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...

9.6AI score0.08431EPSS
Exploits0References4
CVE
CVE
added 2018/04/18 8:0 p.m.62 views

CVE-2018-8840

The CVE-2018-8840 issue is a stack-based buffer overflow in Schneider Electric InduSoft Web Studio (v8.1 and earlier) and InTouch Machine Edition 2017 (v8.1 and earlier). The vulnerability allows a remote attacker to trigger arbitrary code execution by sending a crafted packet during tag, alarm, ...

10CVSS9.5AI score0.08431EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.23 views

Schneider Electric InTouch Machine Edition RCE (Apr 2018)

An installed version of Schneider Electric InTouch Machine Edition is vulnerable to RCE and therefore requires a security update. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid109143; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

10CVSS9.4AI score0.08431EPSS
Exploits0References4
ICS
ICS
added 2018/04/17 12:0 a.m.51 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 9.8 Attention : Exploitable remotely/low skill level to exploit. Vendor : Schneider Electric Software, LLC Equipment : InduSoft Web Studio, InTouch Machine Edition Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this...

10CVSS10AI score0.08431EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/12/04 12:0 a.m.8 views

The vulnerability of Schneider Electric InTouch Machine Edition and InduSoft Web Studio HMI/SCADA systems lies in their authentication procedures, which allow attackers to execute arbitrary commands and gain full control over the server.

The vulnerability of Schneider Electric InTouch Machine Edition and InduSoft Web Studio HMI/SCADA systems is related to deficiencies in the authentication process for HMI clients. Exploiting this vulnerability allows a malicious actor to bypass the authentication process, execute arbitrary...

10CVSS8.1AI score0.05053EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/11/20 12:0 a.m.21 views

InTouch Machine Edition Unspecified Stack Buffer Overflow Vulnerability - Windows

InTouch Machine Edition is prone to an unspecified stack buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS9.8AI score0.05834EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/11/20 12:0 a.m.12 views

InTouch Machine Edition Detection (Windows SMB Login)

Detects the installed version of InTouch Machine Edition. The script logs in via smb, searches for InTouch Machine Edition in the registry and gets the version from SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...

7.3AI score
Exploits0
OSV
OSV
added 2017/11/13 8:29 p.m.5 views

CVE-2017-14024

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code executi...

9.8CVSS6.6AI score0.05834EPSS
Exploits0References2
Prion
Prion
added 2017/11/13 8:29 p.m.13 views

Stack overflow

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code executi...

10CVSS9.9AI score0.05834EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2017/11/13 8:29 p.m.12 views

CVE-2017-14024

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code executi...

10CVSS10AI score0.05834EPSS
Exploits0References2
CVE
CVE
added 2017/11/13 8:0 p.m.62 views

CVE-2017-14024

Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and earlier, and InTouch Machine Edition v8.0 SP2 Patch 1 and earlier, are affected by CVE-2017-14024 due to a stack-based buffer overflow. The vulnerability may allow remote code execution with high privileges. Exploitation can occur remote...

10CVSS9.9AI score0.05834EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder