cnvd - cnvd-2019-45187

CNVD-2019-45187

Vulnerability from cnvd - Published: 2019-12-12

Title

Schneider Electric InduSoft Web Studio和InTouch Edge HMI缓冲区溢出漏洞

Description

Schneider Electric InduSoft Web Studio和InTouch Edge HMI（前称InTouch Machine Edition）都是法国施耐德电气（Schneider Electric）公司的嵌入式HMI软件包。该产品为HMI客户端提供读取、写入标签和事件监控功能。 Schneider Electric InduSoft Web Studio和InTouch Edge HMI存在缓冲区溢出漏洞。攻击者可利用该漏洞执行代码。

Severity

高

Patch Name

Schneider Electric InduSoft Web Studio和InTouch Edge HMI缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.schneider-electric.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01

Impacted products

Name
['Schneider Electric InduSoft Web Studio <8.1 SP2', 'Schneider Electric InTouch Edge HMIInTouch Machine Edition <2017 SP2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17916",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17916"
    }
  },
  "description": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\uff08\u524d\u79f0InTouch Machine Edition\uff09\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002\u8be5\u4ea7\u54c1\u4e3aHMI\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bfb\u53d6\u3001\u5199\u5165\u6807\u7b7e\u548c\u4e8b\u4ef6\u76d1\u63a7\u529f\u80fd\u3002\n\nSchneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-45187",
  "openTime": "2019-12-12",
  "patchDescription": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\uff08\u524d\u79f0InTouch Machine Edition\uff09\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u5d4c\u5165\u5f0fHMI\u8f6f\u4ef6\u5305\u3002\u8be5\u4ea7\u54c1\u4e3aHMI\u5ba2\u6237\u7aef\u63d0\u4f9b\u8bfb\u53d6\u3001\u5199\u5165\u6807\u7b7e\u548c\u4e8b\u4ef6\u76d1\u63a7\u529f\u80fd\u3002\r\n\r\nSchneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric InduSoft Web Studio \u003c8.1 SP2",
      "Schneider Electric InTouch Edge HMIInTouch Machine Edition \u003c2017 SP2"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-06",
  "title": "Schneider Electric InduSoft Web Studio\u548cInTouch Edge HMI\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2018-17916 (GCVE-0-2018-17916)

Vulnerability from cvelistv5 – Published: 2018-11-02 13:00 – Updated: 2024-08-05 11:01

Summary

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.

Severity ?

No CVSS data available.

CWE

CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01	x_refsource_MISC
	https://www.tenable.com/security/research/tra-2018-34	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	unknown	InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)	Affected: InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2018-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
          "vendor": "unknown",
          "versions": [
            {
              "status": "affected",
              "version": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
            }
          ]
        }
      ],
      "datePublic": "2018-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-03T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2018-34"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "unknown"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2018-34",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2018-34"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17916",
    "datePublished": "2018-11-02T13:00:00",
    "dateReserved": "2018-10-02T00:00:00",
    "dateUpdated": "2024-08-05T11:01:14.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-45187

CVE-2018-17916 (GCVE-0-2018-17916)

Tags

Sightings

Nomenclature