9.8
CVE-2018-10628
- EPSS 5.61%
- Published 24.07.2018 18:29:00
- Last modified 21.11.2024 03:41:41
- Source ics-cert@hq.dhs.gov
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.
Data provided by the National Vulnerability Database (NVD)
Aveva ≫ Intouch 2014 Version r2
Aveva ≫ Intouch 2014 Version r2 Update sp1
Aveva ≫ Intouch 2017 Version -
Aveva ≫ Intouch 2017 Version - Update update_1
Aveva ≫ Intouch 2017 Version - Update update_2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 5.61% | 0.899 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).