CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2018-8840
https://notcve.org/view.php?id=CVE-2018-8840
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. Un atacante remoto podría enviar un paquete cuidadosamente manipulado en InduSoft Web Studio, en versiones 8.1 y anteriores, y/o en InTouch Machine Edition 2017, en versiones 8.1 y anteriores, durante una acción relacionada con una etiqueta, alarma o evento como la lectura o escritura. Esto podría permitir la ejecución remota de código. • http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125 http://www.securityfocus.com/bid/103949 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01 https://www.tenable.com/security/research/tra-2018-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •