24 July 2018

Buffer overflow vulnerabilities in AVEVA HMI solutions

Buffer overflow vulnerabilities have been identified in AVEVA HMI solutions. The vulnerabilities could allow remote code execution.

The first vulnerability, CVE-2018-10620, affects the following solutions: InduSoft Web Studio, InTouch Machine Edition 2017 versions 8.1 and 8.1 SP1. The vulnerability could allow a remote attacker to execute arbitrary code on the target system. This can be achieved by sending a specially crafted packet during tag, alarm or event related actions such as read and write.

The above products are vulnerable only if the TCP/IP server task is enabled.

The second vulnerability, CVE-2018-10628, has been identified in the following HMI platforms: InTouch 2014 and InTouch 2017. Successful exploitation of the vulnerability could lead to a compromise of the InTouch HMI, since it could allow an unauthenticated remote user to execute arbitrary code under the privileges of the InTouch View process.

A system is affected by the vulnerability only if the operating system’s locale does not use a dot as the floating-point separator.
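To triage InTouch hosts against the locale condition above, the following added example (not from AVEVA or the original advisory) reports the decimal separator configured at each locale scope on a Windows machine. The advisory does not say which scope the InTouch View process reads, so listing all of them is an assumption made here; the function name is hypothetical.

```powershell
# Added example: list the decimal separator at each locale scope on this host.
# Assumption: the advisory does not state which scope InTouch View uses,
# so every scope is reported and flagged independently.
function Get-DecimalSeparatorReport {
    $rows = @(
        # System locale (used by non-Unicode programs)
        $sys = Get-WinSystemLocale
        [pscustomobject]@{
            Scope     = 'SystemLocale'
            Locale    = $sys.Name
            Separator = $sys.NumberFormat.NumberDecimalSeparator
        }

        # Culture of the session running this script
        $cur = Get-Culture
        [pscustomobject]@{
            Scope     = 'CurrentSession'
            Locale    = $cur.Name
            Separator = $cur.NumberFormat.NumberDecimalSeparator
        }

        # Regional settings of every loaded user profile; sDecimal also
        # captures a separator customised by hand in Control Panel.
        Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -notlike '*_Classes' } |
            ForEach-Object {
                $key  = "Registry::HKEY_USERS\$($_.PSChildName)\Control Panel\International"
                $intl = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
                if ($intl -and $intl.sDecimal) {
                    [pscustomobject]@{
                        Scope     = "User:$($_.PSChildName)"
                        Locale    = $intl.LocaleName
                        Separator = $intl.sDecimal
                    }
                }
            }
    )

    # True means this scope meets the locale condition for CVE-2018-10628
    $rows | Select-Object Scope, Locale, Separator,
        @{ Name = 'NonDotSeparator'; Expression = { $_.Separator -ne '.' } }
}

Get-DecimalSeparatorReport | Format-Table -AutoSize
```

A row with `NonDotSeparator` set to `True` only indicates that the locale condition is met; whether the host runs an affected InTouch version still has to be confirmed separately.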

A CVSS v.3 base score of 9.8 has been calculated for each of the above vulnerabilities.

The vendor has developed patches that fix the above vulnerabilities.

Source: AVEVA