AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE
critical Nessus Plugin ID 122186
Language:
Synopsis
The AVEVA InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) is affected by a remote code execution vulnerability.Description
The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to multiple flaws in the TCPIP server listening on the default ports 1234 and 51234. Specifically, the server does not require authentication for command 66 received from a remote client and it can be instructed to read a database connection configuration file from an external host. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to execute arbitrary code under the privileges of the IWS or InTouch Edge HMI runtime.Solution
Apply InduSoft Web Studio v8.1 SP3 or later / InTouch Edge HMI (formerly InTouch Machine Edition) 2017 Update 3 or later.See Also
Plugin Details
Severity: Critical
ID: 122186
File Name: scada_aveva_iws_iteh_cmd_66_rce.nbin
Version: 1.31
Type: remote
Family: SCADA
Published: 2/14/2019
Updated: 3/8/2023
Configuration: Enable thorough checks
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS Score Source: CVE-2019-6543
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:schneider_electric:indusoft_web_studio, x-cpe:/a:schneider_electric:wonderware_intouch_machine_edition, x-cpe:/a:aveva:intouch_edge_hmi
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/4/2019
Vulnerability Publication Date: 2/4/2019
Reference Information
CVE: CVE-2019-6543, CVE-2019-6545
ICSA: 19-036-01
TRA: TRA-2019-04