A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
CVSS v2
Base Score: 10
Impact Score: 10
Exploitability Score: 10

CVSS v3
Base Score: 9.8
Impact Score: 5.9
Exploitability Score: 3.9
cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:* versions up to 8.1 (inclusive)
cpe:2.3:a:industrial-software:intouch_machine_edition_2017:*:*:*:*:*:*:*:* versions up to 8.1 (inclusive)
| ID | Name | Product | Family |
|---|---|---|---|
| 109280 | Schneider Electric InduSoft Web Studio / InTouch Machine Edition Opcode 50 mbstowcs() Stack Overflow | Nessus | SCADA |
| 109144 | Schneider Electric InduSoft Web Studio RCE (Apr 2018) | Nessus | Windows |
| 109143 | Schneider Electric InTouch Machine Edition RCE (Apr 2018) | Nessus | Windows |