CVE-2018-8840
Published: 2018-04-18
Priority: P261, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.43% (94.3th percentile)
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | schneider_electric_indusoft_web_studio_and_intouch_machine_edition | — | — |
| indusoft | web_studio | <= 8.1 | — |
| industrial-software | intouch_machine_edition_2017 | <= 8.1 | — |
Detection & IOCs
- Trigger detection on crafted packets sent during tag, alarm, or event related actions (read/write) targeting InduSoft Web Studio or InTouch Machine Edition; these are the specific protocol operations that trigger the stack-based buffer overflow.
- The vulnerability is exploitable remotely without authentication (no credentials required); alert on unauthenticated connections to InduSoft/InTouch listener ports from external or untrusted network segments.
- Reference Nessus Plugin ID 109280 for detection of CVE-2018-8840 in vulnerability scanning pipelines targeting InduSoft Web Studio and InTouch Machine Edition.
- CVSS v3 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): network-accessible, no privileges, no user interaction required; prioritize detection on any network path to these HMI services.
- Vendor security bulletin LFSEC00000125 provides additional patch guidance; detection should account for systems that have not yet applied SP1.
- The overflow is triggered specifically during tag, alarm, or event related actions; detection logic should focus on these protocol operation types rather than all traffic to the service.
CVSS provenance
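| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |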
CISA ICS
Schneider Electric InduSoft Web Studio and InTouch Machine Edition
cisa_ics·2018-04-25·CVSS 9.8
ICS Advisory
## Schneider Electric InduSoft Web Studio and InTouch Machine Edition
Last Revised: April 25, 2018
Alert Code: ICSA-18-107-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- Attention: Exploitable remotely/low skill level to exploit.
- Vendor: Schneider Electric Software, LLC
- Equipment: InduSoft Web Studio, InTouch Machine Edition
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges, could completely compromise the device.
GHSA
GHSA-794x-w4ff-7p84: A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8
ghsa_unreviewed·2022-05-13
CVE-2018-8840 [CRITICAL] CWE-119 GHSA-794x-w4ff-7p84
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
No detection rules found.
No public exploits indexed.
Tenable
[R1] AVEVA InduSoft Web Studio and InTouch Machine Edition Remote Code Execution
blogs_tenable·2018-07-18
Tenable
Tenable Research: April Vulnerability Disclosure Roundup
blogs_tenable·2018-05-11·CVSS 9.8
# Tenable Research: April Vulnerability Disclosure Roundup
Tenable Research
May 11, 2018
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable Research in April.
You can access all Tenable Research advisories here.
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Critical Remote Code Execution Vulnerability
CVE ID: CVE-2018-8840
Nessus Plugin ID: 109280
Tenable Research Advisory: TRA-2018-07
Risk Factor: Critical
What do you need to know?
Te
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/
- http://www.securityfocus.com/bid/103949
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01
- https://www.tenable.com/security/research/tra-2018-07