cbcvebase.
CVE-2018-17914
published 2018-11-02

CVE-2018-17914: InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.57%
90.4th percentile
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.

Affected

6 ranges
VendorProductVersion rangeFixed in
avevaedge
avevaindusoft_web_studio
avevaindusoft_web_studio
avevaindusoft_web_studio
avevaindusoft_web_studio
avevaintouch_machine_edition_2014

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2018-17914 is triggered when remote communication security is not enabled or a password is left blank in the configuration file — detect unauthenticated remote connections to InduSoft Web Studio / InTouch Edge HMI runtime ports where no authentication challenge is observed
  • Monitor for unauthenticated remote code execution attempts against InduSoft Web Studio or InTouch Edge HMI runtime processes; any process spawned by the runtime from a remote packet should be treated as suspicious
  • Alert on crafted packets sent during tag, alarm, or event-related actions (read/write) to InduSoft Web Studio remote communication ports — these are the attack vectors for the companion stack-based buffer overflow (CVE-2018-17916) on the same affected products
  • ·The unencrypted communication channel must be explicitly disabled; having it enabled alongside a blank password is the exploitable condition for CVE-2018-17914
  • ·No known public exploits specifically targeted these vulnerabilities at time of advisory publication

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.