PT-2018-1292 · Indusoft+1 · Indusoft Web Studio+1

Published: 2018-04-06 · Updated: 2019-10-09 · CVE-2018-8840

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

InduSoft Web Studio versions 8.1 and prior
InTouch Machine Edition 2017 versions 8.1 and prior

Description

A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action, such as read and write, which may allow remote code execution. The issue is caused by a stack-based buffer overflow. Exploitation of the issue may allow a remote attacker to execute arbitrary code using specially crafted packets.

Recommendations

For InduSoft Web Studio versions 8.1 and prior, consider disabling tag, alarm, or event related actions until a patch is available. For InTouch Machine Edition 2017 versions 8.1 and prior, restrict access to the system during read and write actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2018-00788
CVE-2018-8840

Affected Products

Intouch Machine Edition 2017
Indusoft Web Studio