You are here

AVEVA InTouch (ICSA-18-200-02) – Product Used in the Water and Wastewater and Energy Sectors

AVEVA InTouch (ICSA-18-200-02) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, July 19, 2018 - 16:32
Categories:
Cybersecurity

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InTouch. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locales do not use a dot floating point separator. AVEVA recommends a series of mitigation measures for each version of the software affected. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.