CVE-2018-17916Stack-based Buffer Overflow in Edge

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
9.8%
top 7.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Aveva EdgeAveva Indusoft WEB StudioAveva Intouch Machine Edition 2014
Timeline
PublishedNov 2
Latest updateMay 13

Description

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDaveva/indusoft_web_studio4 versions+3
NVDaveva/edge8.1

🔴Vulnerability Details

2
GHSA
GHSA-2fr8-jp4p-fff3: InduSoft Web Studio versions prior to 82022-05-13
CVEList
CVE-2018-17916: InduSoft Web Studio versions prior to 82018-11-02
CVE-2018-17916 — Stack-based Buffer Overflow in Edge | cvebase