Main Vulnerability Database Vulnerabilities #VU11894

#VU11894 Stack-based buffer overflow in InTouch Edge HMI and AVEVA Edge - CVE-2018-8840

Published: April 17, 2018 / Updated: April 18, 2018

Vulnerability identifier: #VU11894

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8840

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
InTouch Edge HMI
AVEVA Edge

Software vendor:
AVEVA Software, LLC.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow. A remote unauthenticated attacker can send a carefully crafted packet during a tag, alarm, or event related action such as read and write, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 8.1 SP1.

External links

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/%20

#VU11894 Stack-based buffer overflow in InTouch Edge HMI and AVEVA Edge - CVE-2018-8840

Description

Remediation

External links

Please verify you're human