CVE-2017-14024

CWE-119Buffer Overflow3 documents3 sources
Severity
9.8CRITICAL
EPSS
3.5%
top 12.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric Wonderware Indusoft WEB StudioSchneider-electric Wonderware Intouch
Timeline
PublishedNov 13
Latest updateMay 17

Description

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5schneider_electric_indusoft_web_studio_and_intouch_machine_editionSchneider Electric InduSoft Web Studio and InTouch Machine Edition

🔴Vulnerability Details

2
GHSA
GHSA-2jvh-v7p9-q42p: A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v82022-05-17
CVEList
CVE-2017-14024: A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v82017-11-13
CVE-2017-14024 (CRITICAL CVSS 9.8) | A Stack-based Buffer Overflow issue | cvebase.io