CVE-2018-10628 - OpenCVE

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aveva	Intouch 2014 Intouch 2017

Configuration 1 [-]

OR	cpe:2.3:a:aveva:intouch_2014:r2:::::::*
	cpe:2.3:a:aveva:intouch_2014:r2:sp1::::::
	cpe:2.3:a:aveva:intouch_2017:-:::::::*
	cpe:2.3:a:aveva:intouch_2017:-:update_1::::::
	cpe:2.3:a:aveva:intouch_2017:-:update_2::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104864
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-07-24T18:00:00Z

Updated: 2024-09-16T19:09:25.647Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10628

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-24T18:29:00.233

Modified: 2023-11-07T02:51:31.013

Link: CVE-2018-10628

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "InTouch", "vendor": "AVEVA Software, LLC.", "versions": [{"status": "affected", "version": "2014 R2 SP1 and prior"}, {"status": "affected", "version": "2017"}, {"status": "affected", "version": "2017 Update 1"}, {"status": "affected", "version": "2017 Update 2"}]}], "datePublic": "2018-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf"}, {"name": "104864", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104864"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-07-19T00:00:00", "ID": "CVE-2018-10628", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InTouch", "version": {"version_data": [{"version_value": "2014 R2 SP1 and prior"}, {"version_value": "2017"}, {"version_value": "2017 Update 1"}, {"version_value": "2017 Update 2"}]}}]}, "vendor_name": "AVEVA Software, LLC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"}, {"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127(003).pdf", "refsource": "CONFIRM", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127(003).pdf"}, {"name": "104864", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104864"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.397Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf"}, {"name": "104864", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104864"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10628", "datePublished": "2018-07-24T18:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-16T19:09:25.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aveva:intouch_2014:r2:*:*:*:*:*:*:*", "matchCriteriaId": "072D8283-DF3E-4CE3-A9A2-81E8CF8A9DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2014:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "8C3D1BF4-FA24-4A5E-939D-9F66FD30F380", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2017:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F296574-D8BA-4159-9C0F-36FC9C0A8BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2017:-:update_1:*:*:*:*:*:*", "matchCriteriaId": "4D5EFF01-07DD-4711-8DB6-0534769FD034", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2017:-:update_2:*:*:*:*:*:*", "matchCriteriaId": "CB06E770-CE7C-44F7-A2CC-75E6409BC300", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."}, {"lang": "es", "value": "AVEVA InTouch 2014 R2 SP1 y anteriores, InTouch 2017, InTouch 2017 Update 1 e InTouch 2017 Update 2 permiten que un usuario no autenticado env\u00ede un paquete especialmente manipulado que podr\u00eda sobrescribir el b\u00fafer en un locale que no emplea un separador de punto flotante. Su explotaci\u00f3n podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo bajo los privilegios del proceso InTouch View."}], "id": "CVE-2018-10628", "lastModified": "2023-11-07T02:51:31.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-24T18:29:00.233", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/104864"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Permissions Required", "Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}