CVE-2018-8840

Sažetak

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Reference

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/
http://www.securityfocus.com/bid/103949
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01
https://www.tenable.com/security/research/tra-2018-07

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-10-2019 - 23:42

Objavljeno

18-04-2018 - 20:29