Remote code execution in AVEVA InduSoft Web Studio and InTouch Edge HMI
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-17916 CVE-2018-17914 |
| CWE-ID | CWE-121 CWE-258 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
InTouch Edge HMI Server applications / SCADA systems AVEVA Edge Server applications / SCADA systems |
| Vendor | AVEVA Software, LLC. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU15700
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17916
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write. A remote unauthenticated attacker can send a carefully crafted packet to invoke an arbitrary process and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate InduSoft Web Studio version 8.1 SP2.
Update InTouch Edge HMI to version 2017 SP2.
InTouch Edge HMI: before 2017 SP2
AVEVA Edge: before 8.1 SP2
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-305-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Empty password in configuration file
EUVDB-ID: #VU15701
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17914
CWE-ID:
CWE-258 - Empty password in configuration file
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use of empty password in configuration file. A remote unauthenticated attacker can execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate InduSoft Web Studio version 8.1 SP2.
Update InTouch Edge HMI to version 2017 SP2.
InTouch Edge HMI: before 2017 SP2
AVEVA Edge: before 8.1 SP2
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-305-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
