CVE-2018-17914
Published 2018-11-02
Priority: P2 · 60 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.57% (90.4th percentile)
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | edge | — | — |
| aveva | indusoft_web_studio | — | — |
| aveva | indusoft_web_studio | — | — |
| aveva | indusoft_web_studio | — | — |
| aveva | indusoft_web_studio | — | — |
| aveva | intouch_machine_edition_2014 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2018-17914 is triggered when remote communication security is not enabled or a password is left blank in the configuration file. Detect unauthenticated remote connections to InduSoft Web Studio / InTouch Edge HMI runtime ports where no authentication challenge is observed.
- Monitor for unauthenticated remote code execution attempts against InduSoft Web Studio or InTouch Edge HMI runtime processes; any process spawned by the runtime from a remote packet should be treated as suspicious.
- Alert on crafted packets sent during tag, alarm, or event-related actions (read/write) to InduSoft Web Studio remote communication ports. These are the attack vectors for the companion stack-based buffer overflow (CVE-2018-17916) on the same affected products.
- The unencrypted communication channel must be explicitly disabled; having it enabled alongside a blank password is the exploitable condition for CVE-2018-17914.
- No known public exploits specifically targeted these vulnerabilities at time of advisory publication.
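CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |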
GHSA
GHSA-xjh8-jwcf-pmgc: InduSoft Web Studio versions prior to 8
ghsa_unreviewed · 2022-05-13
CISA ICS
AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)
cisa_ics · 2018-11-01 · CVSS 9.8
Last Revised: November 01, 2018
Alert Code: ICSA-18-305-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: AVEVA Software, LLC. (AVEVA)
- Equipment: InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)
- Vulnerabilities: Stack-based Buffer Overflow, Empty Password in Configuration File
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated user to remotely execute cod
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.