CVE-2018-10628

Summary

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

Affected Software

VendorProductVersion RangeStatus
AVEVA Software, LLC.InTouch2014 R2 SP1 and prioraffected
AVEVA Software, LLC.InTouch2017affected
AVEVA Software, LLC.InTouch2017 Update 1affected
AVEVA Software, LLC.InTouch2017 Update 2affected

Weaknesses

  • CWE-121: STACK-BASED BUFFER OVERFLOW CWE-121

ADP Enrichment

CVE Program Container

Additional References

References