AVEVA InTouch Updates Available

Thursday, July 19, 2018 @ 02:07 PM gHale

AVEVA Software, LLC. (AVEVA) has updated software to mitigate a stack-based buffer overflow in its InTouch, according to NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by George Lashenko of CyberX, could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locales do not use a dot floating point separator.

RELATED STORIES
AVEVA Hotfix for Stack-Based Buffer Overflow
ABB Looking to Fix Panel Builder 800
WAGO Fixes e!DISPLAY Holes
PEPPERL+FUCHS Releases Vulnerability Guidelines

The following versions of AVEVA InTouch, a HMI Platform, suffer from the issue:
• InTouch 2014 R2 SP1 and prior
• InTouch 2017
• InTouch 2017 Update 1
• InTouch 2017 Update 2

In the vulnerability, an unauthenticated user could send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

CVE-2018-10628 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the critical manufacturing, energy, food and agriculture, chemical, and water and wastewater sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

AVEVA recommends the following mitigations for each version of software affected:
1. InTouch 2014 R2 SP1 – Apply HF-11_1_SP1/CR149705 as soon as possible. Those using versions of InTouch older than 2014 R2 SP1 should first upgrade to a supported version of InTouch and then apply the corresponding hotfix. (login required)

2. InTouch 2017 Update 2 – Apply HF-17_2/CR149706 as soon as possible. Those using InTouch 2017 or 2017 Update 1 should first upgrade to InTouch 2017 Update 2, then apply HF-17_2/CR149706. (login required)

For more information AVEVA released a Security Bulletin.

Click here to contact AVEVA support.



Leave a Reply

You must be logged in to post a comment.