PT-2018-14266 · Indusoft+1 · Indusoft Web Studio+1

Published

2018-11-02

Updated

2021-04-08

CVE-2018-17914

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions InduSoft Web Studio versions prior to 8.1 SP2 InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

Description This issue could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI runtime.

Recommendations For InduSoft Web Studio versions prior to 8.1 SP2, update to version 8.1 SP2 or later. For InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2, update to version 2017 SP2 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-258

Related Identifiers

CVE-2018-17914

Affected Products

Intouch Edge Hmi

Indusoft Web Studio

PT-2018-14266 · Indusoft+1 · Indusoft Web Studio+1

CVE-2018-17914

Weakness Enumeration

Related Identifiers

Affected Products

References · 5