AVEVA InTouch CVE-2018-10628 Stack Based Buffer Overflow Vulnerability
BID:104864
CVE-2018-10628 |Info
AVEVA InTouch CVE-2018-10628 Stack Based Buffer Overflow Vulnerability
| Bugtraq ID: | 104864 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-10628 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 19 2018 12:00AM |
| Updated: | Jul 19 2018 12:00AM |
| Credit: | George Lashenko of CyberX. |
| Vulnerable: |
Schneider-Electric AVEVA InTouch 2017 Update 2 Schneider-Electric AVEVA InTouch 2017 Update 1 Schneider-Electric AVEVA InTouch 2017 Schneider-Electric AVEVA InTouch 2014 R2 SP1 |
| Not Vulnerable: | |
Discussion
AVEVA InTouch CVE-2018-10628 Stack Based Buffer Overflow Vulnerability
AVEVA InTouch is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code within the privileges of the InTouch View process. Failed exploit attempts will likely cause a denial-of-service condition.
AVEVA InTouch is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code within the privileges of the InTouch View process. Failed exploit attempts will likely cause a denial-of-service condition.
Exploit / POC
AVEVA InTouch CVE-2018-10628 Stack Based Buffer Overflow Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]