CVE-2018-8840

EPSS 8.4%CWE-121

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Produtos afetados

ICS-CERT · Schneider Electric InduSoft Web Studio and InTouch Machine Edition

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01 http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/https://www.tenable.com/security/research/tra-2018-07 http://www.securityfocus.com/bid/103949