CVE-2018-10628
Published 2018-07-24. CVE-2018-10628: AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted…
Priority P2 · 62 · critical 9.8 · CVSS 3.0
EPSS: 5.43% (91.7th percentile)
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | intouch_2014 | — | — |
| aveva_software_llc | intouch | — | — |
| aveva_software_llc | intouch | — | — |
| aveva_software_llc | intouch | — | — |
| aveva_software_llc | intouch | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is a stack-based buffer overflow triggered by a specially crafted network packet sent to the InTouch View process; monitor for unexpected remote connections to InTouch HMI systems and anomalous process behavior under the InTouch View process.
- No authentication is required to trigger the vulnerability; any unauthenticated inbound network packet to the InTouch service should be treated as suspicious in hardened environments.
- Exploitation is only possible on systems where the OS locale does NOT use a dot ('.') as the floating point separator (e.g., locales using a comma as the decimal separator); scope detection efforts to such locale configurations.
- Only systems running affected versions (InTouch 2014 R2 SP1 and prior, InTouch 2017, 2017 Update 1, 2017 Update 2) AND configured with a non-dot floating point locale are exploitable; patched or dot-locale systems are not vulnerable.
- No known public exploits exist for this vulnerability at time of advisory publication; risk is elevated but active exploitation in the wild was not confirmed.
CVSS provenance
- NVD v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CISA ICS: AVEVA InTouch (cisa_ics · 2018-07-19 · CVSS 9.8) [CRITICAL]
Archived Content: In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory: AVEVA InTouch
Last Revised: July 19, 2018
Alert Code: ICSA-18-200-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: AVEVA Software, LLC. (AVEVA)
- Equipment: InTouch
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process, which could lead to a compromise of the InTouch HMI.
Systems are only vulnerable if the operating system locales do not
GHSA-w7pp-35f5-xxjq (ghsa_unreviewed · 2022-05-13) · CVE-2018-10628 [CRITICAL] CWE-119
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/104864
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf
Published: 2018-07-24