Schneider Electric InduSoft Web Studio / InTouch Machine Edition Opcode 50 mbstowcs() Stack Overflow
Severity: Critical
Nessus Plugin ID: 109280
Synopsis
The Schneider Electric InduSoft Web Studio or InTouch Machine Edition is affected by a remote code execution vulnerability.
Description
The Schneider Electric InduSoft Web Studio (IWS) or InTouch Machine Edition (ITME) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling Opcode 50 in the TCPIP server listening on the default port 1234. An unauthenticated, remote attacker can exploit this issue, via a specially crafted packet, to execute arbitrary code.
Solution
Upgrade to InduSoft Web Studio v8.1 SP1 or later and InTouch Machine Edition 2017 v8.1 SP1 or later.