CVE-2018-8840
published 2018-04-18


Priority P261 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.43% (94.3th percentile)
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | schneider_electric_indusoft_web_studio_and_intouch_machine_edition | | |
| indusoft | web_studio | <= 8.1 | |
| industrial-software | intouch_machine_edition_2017 | <= 8.1 | |

Detection & IOCs (extracted from sources)

  • Trigger detection on crafted packets sent during tag, alarm, or event related actions (read/write) targeting InduSoft Web Studio or InTouch Machine Edition — these are the specific protocol operations that trigger the stack-based buffer overflow
  • The vulnerability is exploitable remotely without authentication (no credentials required); alert on unauthenticated connections to InduSoft/InTouch listener ports from external or untrusted network segments
  • Reference Nessus Plugin ID 109280 for detection of CVE-2018-8840 in vulnerability scanning pipelines targeting InduSoft Web Studio and InTouch Machine Edition
  • CVSS v3 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) — network-accessible, no privileges, no user interaction required; prioritize detection on any network path to these HMI services
  • Vendor security bulletin LFSEC00000125 provides additional patch guidance; detection should account for systems that have not yet applied SP1
  • The overflow is triggered specifically during tag, alarm, or event related actions — detection logic should focus on these protocol operation types rather than all traffic to the service

CVSS provenance

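| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |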