CVE-2018-17914

Published Nov 2, 2018

Last updated 4 days ago

CVSS critical 9.8

Overview

Description: InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

ics-cert@hq.dhs.gov: CWE-258
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C7C2429-3A6B-4552-B12D-CBA00563907D"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp6_p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05020B8D-DB30-4BDA-9BD3-0C7C4804859B"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55E9450D-F600-4DC6-8C72-8D79974B6802"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2CB5BAC-BFCE-41C2-A25C-3E6CB218FBD6"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBFEECD4-C454-4A47-9B81-91699C325DC3"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A62CC412-F399-40B7-8000-A4A707F7F6F1"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "127CC5C8-822A-4630-813E-5AE39BEBD5A2"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D90DF6B-B281-48D3-8672-25294990E611"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8721C8BE-1946-4030-B056-67A6B42BCDCA"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C07C446B-6125-46D7-BDC4-11849BA6A72D"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4A9403-5D1E-464F-8B40-D554F4A7C3AE"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDFC8512-2971-48C3-9576-0FA74B59406B"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2991440-E8EB-4AB1-A861-2A263C443DEF"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23DA9BCB-F9BD-4F9F-A77E-95210C270539"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD1C359C-61FA-4E5F-81CA-991BCB8CD9A8"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D07A836A-535F-437E-BD25-1D833BD63327"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAD4BA73-691D-4E12-936C-7B0F0A0AFF0F"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D515729F-9316-470F-8D18-34B674E8F5D4"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "542A2064-3D3D-4EF0-AEF5-3D8C45BD8CA6"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C282BFD-02D9-4F80-BBD9-B84B0703D07A"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92E5DA1B-459C-44B2-9E0B-2B88C985DA98"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "186D0227-8791-44E0-8B80-2AE0427B69D7"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDA36D8C-6CE2-4C5B-A4E2-68031D97516D"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7B550C6-160F-480D-8B70-92C6D236C3EA"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C809DC5-73DC-4E00-ABAB-558844CE2103"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC7F3AAD-E423-4CA2-BB78-AC7B081338D3"
          },
          {
            "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "870D0F41-F2CE-4693-8815-5527A6E5ECD9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:aveva:edge:8.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1EF7073-1651-4E3D-8E7E-5F380A098E50"
          },
          {
            "criteria": "cpe:2.3:a:aveva:edge:8.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "799F6063-CD93-4F74-A3F9-941AED66FCBB"
          },
          {
            "criteria": "cpe:2.3:a:aveva:intouch_machine_edition_2014:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67AB4CF8-A2C6-4B0D-87EB-62617943F705"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References