Details of VAR-201811-0105

ID

VAR-201811-0105

CVE

CVE-2018-17916

TITLE

InduSoft Web Studio and InTouch Edge HMI Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012386

DESCRIPTION

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine. The product provides read, write tags and event monitoring functions for HMI clients. An attacker could use this vulnerability to execute code. A stack-based buffer overflow vulnerability 2. A remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2018-17916 // JVNDB: JVNDB-2018-012386 // CNVD: CNVD-2019-45187 // BID: 106015 // IVD: f51f1287-2497-4737-b75b-39068f6ce060 // VULMON: CVE-2018-17916

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f51f1287-2497-4737-b75b-39068f6ce060 // CNVD: CNVD-2019-45187

AFFECTED PRODUCTS

vendor:	indusoft web studio	model:	-	scope:	eq	version:	7.1	Trust: 2.6
vendor:	indusoft web studio	model:	-	scope:	eq	version:	8.0	Trust: 1.6
vendor:	aveva	model:	intouch machine edition 2014	scope:	eq	version:	r2	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	8.1	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	8.0	Trust: 1.6
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	7.1	Trust: 1.0
vendor:	aveva	model:	indusoft web studio	scope:	eq	version:	6.1	Trust: 1.0
vendor:	aveva	model:	edge	scope:	eq	version:	8.1	Trust: 1.0
vendor:	indusoft web studio	model:	-	scope:	eq	version:	8.1	Trust: 0.8
vendor:	aveva	model:	indusoft web studio	scope:	lt	version:	8.1 sp2	Trust: 0.8
vendor:	aveva	model:	intouch edge hmi	scope:	lt	version:	2017 sp2	Trust: 0.8
vendor:	schneider electric	model:	intouch machine edition 2014	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric indusoft web studio sp2	scope:	lt	version:	8.1	Trust: 0.6
vendor:	schneider	model:	electric intouch edge hmiintouch machine edition sp2	scope:	lt	version:	2017	Trust: 0.6
vendor:	aveva	model:	intouch edge hmi	scope:	eq	version:	8.1	Trust: 0.6
vendor:	indusoft web studio	model:	-	scope:	eq	version:	6.1	Trust: 0.4
vendor:	intouch edge hmi	model:	-	scope:	eq	version:	8.1	Trust: 0.4
vendor:	schneider electric	model:	intouch edge hmi	scope:	eq	version:	2017	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp1	scope:	eq	version:	8.1	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	8.1	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2 patch	scope:	eq	version:	8.01	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2	scope:	eq	version:	8.0	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio patch	scope:	eq	version:	7.1.3.55	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp patch	scope:	eq	version:	7.1.3.434	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.4	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio	scope:	eq	version:	7.1.3.2	Trust: 0.3
vendor:	schneider electric	model:	intouch edge hmi sp2	scope:	ne	version:	2017	Trust: 0.3
vendor:	schneider electric	model:	indusoft web studio sp2	scope:	ne	version:	8.1	Trust: 0.3
vendor:	intouch machine edition 2014	model:	r2	scope:	-	version:	-	Trust: 0.2

sources: IVD: f51f1287-2497-4737-b75b-39068f6ce060 // CNVD: CNVD-2019-45187 // BID: 106015 // JVNDB: JVNDB-2018-012386 // CNNVD: CNNVD-201811-019 // NVD: CVE-2018-17916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17916
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-17916
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-45187
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-019
value:	CRITICAL
Trust: 0.6
IVD:	f51f1287-2497-4737-b75b-39068f6ce060
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2018-17916
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-17916
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-45187
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f51f1287-2497-4737-b75b-39068f6ce060
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-17916
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-17916
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: f51f1287-2497-4737-b75b-39068f6ce060 // CNVD: CNVD-2019-45187 // VULMON: CVE-2018-17916 // JVNDB: JVNDB-2018-012386 // CNNVD: CNNVD-201811-019 // NVD: CVE-2018-17916

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2018-012386 // NVD: CVE-2018-17916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-019

TYPE

Buffer error

Trust: 0.8

sources: IVD: f51f1287-2497-4737-b75b-39068f6ce060 // CNNVD: CNNVD-201811-019

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012386

PATCH

title:	AVEVA Security Bulletin LFSEC00000130	url:	https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf	Trust: 0.8
title:	トップページ	url:	https://www.se.com/jp/ja/	Trust: 0.8
title:	Patch for Schneider Electric InduSoft Web Studio and InTouch Edge HMI Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/193949	Trust: 0.6
title:	Schneider Electric InduSoft Web Studio and InTouch Edge HMI Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86565	Trust: 0.6

sources: CNVD: CNVD-2019-45187 // JVNDB: JVNDB-2018-012386 // CNNVD: CNNVD-201811-019

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17916	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-305-01	Trust: 3.4
db:	TENABLE	id:	TRA-2018-34	Trust: 1.7
db:	CNVD	id:	CNVD-2019-45187	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-019	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-012386	Trust: 0.8
db:	BID	id:	106015	Trust: 0.3
db:	IVD	id:	F51F1287-2497-4737-B75B-39068F6CE060	Trust: 0.2
db:	VULMON	id:	CVE-2018-17916	Trust: 0.1

sources: IVD: f51f1287-2497-4737-b75b-39068f6ce060 // CNVD: CNVD-2019-45187 // VULMON: CVE-2018-17916 // BID: 106015 // JVNDB: JVNDB-2018-012386 // CNNVD: CNNVD-201811-019 // NVD: CVE-2018-17916

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-305-01	Trust: 3.5
url:	https://www.tenable.com/security/research/tra-2018-34	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17916	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17916	Trust: 0.8
url:	http://www.indusoft.com/indusoftart.php?catid=1&name=iws/webstudio	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-45187 // VULMON: CVE-2018-17916 // BID: 106015 // JVNDB: JVNDB-2018-012386 // CNNVD: CNNVD-201811-019 // NVD: CVE-2018-17916

CREDITS

Tenable

Trust: 0.3

sources: BID: 106015

SOURCES

db:	IVD	id:	f51f1287-2497-4737-b75b-39068f6ce060
db:	CNVD	id:	CNVD-2019-45187
db:	VULMON	id:	CVE-2018-17916
db:	BID	id:	106015
db:	JVNDB	id:	JVNDB-2018-012386
db:	CNNVD	id:	CNNVD-201811-019
db:	NVD	id:	CVE-2018-17916

LAST UPDATE DATE

2024-11-23T22:12:17.793000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-45187	date:	2019-12-13T00:00:00
db:	VULMON	id:	CVE-2018-17916	date:	2021-04-08T00:00:00
db:	BID	id:	106015	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-012386	date:	2019-02-01T00:00:00
db:	CNNVD	id:	CNNVD-201811-019	date:	2020-09-21T00:00:00
db:	NVD	id:	CVE-2018-17916	date:	2024-11-21T03:55:12.170

SOURCES RELEASE DATE

db:	IVD	id:	f51f1287-2497-4737-b75b-39068f6ce060	date:	2019-12-13T00:00:00
db:	CNVD	id:	CNVD-2019-45187	date:	2019-12-12T00:00:00
db:	VULMON	id:	CVE-2018-17916	date:	2018-11-02T00:00:00
db:	BID	id:	106015	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-012386	date:	2019-02-01T00:00:00
db:	CNNVD	id:	CNNVD-201811-019	date:	2018-11-02T00:00:00
db:	NVD	id:	CVE-2018-17916	date:	2018-11-02T13:29:00.323