cve-2018-10628
Vulnerability from cvelistv5
Published
2018-07-24 18:00
Modified
2024-09-16 19:09
Severity ?
Summary
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.
Impacted products
AVEVA Software, LLC.InTouch
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf"
          },
          {
            "name": "104864",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104864"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InTouch",
          "vendor": "AVEVA Software, LLC.",
          "versions": [
            {
              "status": "affected",
              "version": "2014 R2 SP1 and prior"
            },
            {
              "status": "affected",
              "version": "2017"
            },
            {
              "status": "affected",
              "version": "2017 Update 1"
            },
            {
              "status": "affected",
              "version": "2017 Update 2"
            }
          ]
        }
      ],
      "datePublic": "2018-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-25T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf"
        },
        {
          "name": "104864",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104864"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-07-19T00:00:00",
          "ID": "CVE-2018-10628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InTouch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2014 R2 SP1 and prior"
                          },
                          {
                            "version_value": "2017"
                          },
                          {
                            "version_value": "2017 Update 1"
                          },
                          {
                            "version_value": "2017 Update 2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AVEVA Software, LLC."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02"
            },
            {
              "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127(003).pdf",
              "refsource": "CONFIRM",
              "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127(003).pdf"
            },
            {
              "name": "104864",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104864"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-10628",
    "datePublished": "2018-07-24T18:00:00Z",
    "dateReserved": "2018-05-01T00:00:00",
    "dateUpdated": "2024-09-16T19:09:25.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-10628\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-07-24T18:29:00.233\",\"lastModified\":\"2023-11-07T02:51:31.013\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.\"},{\"lang\":\"es\",\"value\":\"AVEVA InTouch 2014 R2 SP1 y anteriores, InTouch 2017, InTouch 2017 Update 1 e InTouch 2017 Update 2 permiten que un usuario no autenticado env\u00ede un paquete especialmente manipulado que podr\u00eda sobrescribir el b\u00fafer en un locale que no emplea un separador de punto flotante. Su explotaci\u00f3n podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo bajo los privilegios del proceso InTouch View.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:intouch_2014:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"072D8283-DF3E-4CE3-A9A2-81E8CF8A9DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:intouch_2014:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C3D1BF4-FA24-4A5E-939D-9F66FD30F380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:intouch_2017:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F296574-D8BA-4159-9C0F-36FC9C0A8BE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:intouch_2017:-:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D5EFF01-07DD-4711-8DB6-0534769FD034\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:intouch_2017:-:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB06E770-CE7C-44F7-A2CC-75E6409BC300\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104864\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Permissions Required\",\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.