The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.
Base Score: 10
Impact Score: 10
Exploitability Score: 10
Base Score: 9.8
Impact Score: 5.9
Exploitability Score: 3.9
cpe:2.3:a:schneider-electric:wonderware_indusoft_web_studio:*:sp2:*:*:*:*:*:* versions up to 8.0 (inclusive)
cpe:2.3:a:schneider-electric:wonderware_intouch:*:sp2:*:*:machine:*:*:* versions up to 8.0 (inclusive)