QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10628

Published: Jul 24, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

Vendor	Product	Versions
AVEVA Software, LLC.	InTouch	affected `2014 R2 SP1 and prior` affected `2017` affected `2017 Update 1` affected `2017 Update 2`

Weaknesses (CWE)

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02

x_refsource_MISC

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.