CVE-2018-8840

Summary

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTSchneider Electric InduSoft Web Studio and InTouch Machine EditionInduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions.affected

Weaknesses

  • CWE-121: STACK-BASED BUFFER OVERFLOW CWE-121

ADP Enrichment

CVE Program Container

Additional References

References