Details of VAR-201811-0104

ID

VAR-201811-0104

CVE

CVE-2018-17914

TITLE

InduSoft Web Studio and InTouch Edge HMI Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-012385

DESCRIPTION

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime. The product provides read, write tag and event monitoring for HMI clients. A remote attacker could exploit the vulnerability to execute code. A stack-based buffer overflow vulnerability 2. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2018-17914 // JVNDB: JVNDB-2018-012385 // CNVD: CNVD-2019-05107 // BID: 106015 // IVD: 7d867ac0-463f-11e9-84dd-000c29342cb1 // VULMON: CVE-2018-17914

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d867ac0-463f-11e9-84dd-000c29342cb1 // CNVD: CNVD-2019-05107

AFFECTED PRODUCTS

vendor:	indusoft web studio	model:	-	scope:	eq	version:	7.1	Trust: 2.6
vendor:	indusoft web studio	model:	-	scope:	eq	version:	8.0	Trust: 1.6
vendor:	aveva	model:	intouch machine edition 2014	scope:	eq	version:	r2	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	8.1	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	8.0	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	7.1	Trust: 1.0
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	6.1	Trust: 1.0
vendor:	aveva	model:	edge	scope:	eq	version:	8.1	Trust: 1.0
vendor:	indusoft web studio	model:	-	scope:	eq	version:	8.1	Trust: 0.8
vendor:	aveva	model:	indusoft web studio	scope:	lt	version:	8.1 sp2	Trust: 0.8
vendor:	aveva	model:	intouch edge hmi	scope:	lt	version:	2017 sp2	Trust: 0.8
vendor:	schneider electric	model:	intouch machine edition 2014	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric indusoft web studio sp2	scope:	lt	version:	8.1	Trust: 0.6
vendor:	schneider	model:	electric intouch edge hmiintouch machine edition sp2	scope:	lt	version:	2017	Trust: 0.6
vendor:	aveva	model:	intouch edge hmi	scope:	eq	version:	8.1	Trust: 0.6
vendor:	indusoft web studio	model:	-	scope:	eq	version:	6.1	Trust: 0.4
vendor:	intouch edge hmi	model:	-	scope:	eq	version:	8.1	Trust: 0.4
vendor:	schneider electric	model:	intouch edge hmi	scope:	eq	version:	2017	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp1	scope:	eq	version:	8.1	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	8.1	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2 patch	scope:	eq	version:	8.01	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2	scope:	eq	version:	8.0	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio patch	scope:	eq	version:	7.1.3.55	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp patch	scope:	eq	version:	7.1.3.434	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.4	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.2	Trust: 0.3
vendor:	schneider electric	model:	intouch edge hmi sp2	scope:	ne	version:	2017	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2	scope:	ne	version:	8.1	Trust: 0.3
vendor:	intouch machine edition 2014	model:	r2	scope:	-	version:	-	Trust: 0.2

sources: IVD: 7d867ac0-463f-11e9-84dd-000c29342cb1 // CNVD: CNVD-2019-05107 // BID: 106015 // JVNDB: JVNDB-2018-012385 // CNNVD: CNNVD-201811-020 // NVD: CVE-2018-17914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17914
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-17914
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-05107
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-020
value:	CRITICAL
Trust: 0.6
IVD:	7d867ac0-463f-11e9-84dd-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2018-17914
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-17914
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-05107
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d867ac0-463f-11e9-84dd-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-17914
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-17914
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 7d867ac0-463f-11e9-84dd-000c29342cb1 // CNVD: CNVD-2019-05107 // VULMON: CVE-2018-17914 // JVNDB: JVNDB-2018-012385 // CNNVD: CNNVD-201811-020 // NVD: CVE-2018-17914

PROBLEMTYPE DATA

problemtype:	CWE-258	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-012385 // NVD: CVE-2018-17914

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-020

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201811-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012385

PATCH

title:	AVEVA Security Bulletin LFSEC00000130	url:	https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf	Trust: 0.8
title:	トップページ	url:	https://www.se.com/jp/ja/	Trust: 0.8
title:	Patch for Schneider Electric InduSoft Web Studio and InTouch Edge HMI Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/154315	Trust: 0.6
title:	Schneider Electric InduSoft Web Studio and InTouch Edge HMI Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86566	Trust: 0.6

sources: CNVD: CNVD-2019-05107 // JVNDB: JVNDB-2018-012385 // CNNVD: CNNVD-201811-020

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17914	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-305-01	Trust: 3.4
db:	TENABLE	id:	TRA-2018-34	Trust: 1.7
db:	CNVD	id:	CNVD-2019-05107	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-020	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-012385	Trust: 0.8
db:	BID	id:	106015	Trust: 0.3
db:	IVD	id:	7D867AC0-463F-11E9-84DD-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2018-17914	Trust: 0.1

sources: IVD: 7d867ac0-463f-11e9-84dd-000c29342cb1 // CNVD: CNVD-2019-05107 // VULMON: CVE-2018-17914 // BID: 106015 // JVNDB: JVNDB-2018-012385 // CNNVD: CNNVD-201811-020 // NVD: CVE-2018-17914

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-305-01	Trust: 3.5
url:	https://www.tenable.com/security/research/tra-2018-34	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17914	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17914	Trust: 0.8
url:	http://www.indusoft.com/indusoftart.php?catid=1&name=iws/webstudio	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-05107 // VULMON: CVE-2018-17914 // BID: 106015 // JVNDB: JVNDB-2018-012385 // CNNVD: CNNVD-201811-020 // NVD: CVE-2018-17914

CREDITS

Tenable

Trust: 0.3

sources: BID: 106015

SOURCES

db:	IVD	id:	7d867ac0-463f-11e9-84dd-000c29342cb1
db:	CNVD	id:	CNVD-2019-05107
db:	VULMON	id:	CVE-2018-17914
db:	BID	id:	106015
db:	JVNDB	id:	JVNDB-2018-012385
db:	CNNVD	id:	CNNVD-201811-020
db:	NVD	id:	CVE-2018-17914

LAST UPDATE DATE

2024-11-23T22:12:17.833000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-05107	date:	2019-02-25T00:00:00
db:	VULMON	id:	CVE-2018-17914	date:	2021-04-08T00:00:00
db:	BID	id:	106015	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-012385	date:	2019-02-01T00:00:00
db:	CNNVD	id:	CNNVD-201811-020	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-17914	date:	2024-11-21T03:55:11.897

SOURCES RELEASE DATE

db:	IVD	id:	7d867ac0-463f-11e9-84dd-000c29342cb1	date:	2019-02-24T00:00:00
db:	CNVD	id:	CNVD-2019-05107	date:	2019-02-22T00:00:00
db:	VULMON	id:	CVE-2018-17914	date:	2018-11-02T00:00:00
db:	BID	id:	106015	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-012385	date:	2019-02-01T00:00:00
db:	CNNVD	id:	CNNVD-201811-020	date:	2018-11-02T00:00:00
db:	NVD	id:	CVE-2018-17914	date:	2018-11-02T13:29:00.230