CVE-2018-8840

CVE-2018-8840

Vendor Ics-Cert
Product Schneider Electric InduSoft Web Studio and InTouch Machine Edition
Weakness CWE-121
Published April 18, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Key dates

02Disclosure timeline

April 18, 2018 CVE published
September 16, 2024 Record updated