cnvd - cnvd-2019-05107

CNVD-2019-05107

Vulnerability from cnvd - Published: 2019-02-22

Title

Schneider Electric InduSoft Web Studio和InTouch Edge HMI代码执行漏洞

Description

Schneider Electric InduSoft Web Studio和InTouch Edge HMI（前称InTouch Machine Edition）都是法国施耐德电气（Schneider Electric）公司的嵌入式HMI软件包。该产品为HMI客户端提供读取、写入标签和事件监控功能。 Schneider Electric InduSoft Web Studio 8.1 SP2之前版本和InTouch Edge HMI 2017 SP2之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行代码。

Severity

高

Patch Name

Schneider Electric InduSoft Web Studio和InTouch Edge HMI代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01

Impacted products

Name
['Schneider Electric InduSoft Web Studio <8.1 SP2', 'Schneider Electric InTouch Edge HMIInTouch Machine Edition <2017 SP2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17914",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17914"
    }
  },
  "description": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\uff08\u524d\u79f0InTouch Machine Edition\uff09\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002\u8be5\u4ea7\u54c1\u4e3aHMI\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bfb\u53d6\u3001\u5199\u5165\u6807\u7b7e\u548c\u4e8b\u4ef6\u76d1\u63a7\u529f\u80fd\u3002\n\nSchneider Electric InduSoft Web Studio 8.1 SP2\u4e4b\u524d\u7248\u672c\u548cInTouch Edge HMI 2017 SP2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-05107",
  "openTime": "2019-02-22",
  "patchDescription": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\uff08\u524d\u79f0InTouch Machine Edition\uff09\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002\u8be5\u4ea7\u54c1\u4e3aHMI\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bfb\u53d6\u3001\u5199\u5165\u6807\u7b7e\u548c\u4e8b\u4ef6\u76d1\u63a7\u529f\u80fd\u3002\r\n\r\nSchneider Electric InduSoft Web Studio 8.1 SP2\u4e4b\u524d\u7248\u672c\u548cInTouch Edge HMI 2017 SP2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric InduSoft Web Studio \u003c8.1 SP2",
      "Schneider Electric InTouch Edge HMIInTouch Machine Edition \u003c2017 SP2"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-06",
  "title": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-17914 (GCVE-0-2018-17914)

Vulnerability from cvelistv5 – Published: 2018-11-02 13:00 – Updated: 2024-08-05 11:01

Summary

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.

Severity ?

No CVSS data available.

CWE

CWE-258 - EMPTY PASSWORD IN CONFIGURATION FILE CWE-258

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01	x_refsource_MISC
	https://www.tenable.com/security/research/tra-2018-34	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	unknown	InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)	Affected: InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2018-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
          "vendor": "unknown",
          "versions": [
            {
              "status": "affected",
              "version": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
            }
          ]
        }
      ],
      "datePublic": "2018-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-258",
              "description": "EMPTY PASSWORD IN CONFIGURATION FILE CWE-258",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-03T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2018-34"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "unknown"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EMPTY PASSWORD IN CONFIGURATION FILE CWE-258"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2018-34",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2018-34"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17914",
    "datePublished": "2018-11-02T13:00:00",
    "dateReserved": "2018-10-02T00:00:00",
    "dateUpdated": "2024-08-05T11:01:14.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-05107

CVE-2018-17914 (GCVE-0-2018-17914)

Tags

Sightings

Nomenclature