CVE-2017-14024

Published: Nov 13, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.

Affected (2)

Products: Schneider Electric: Wonderware Indusoft Web Studio, Wonderware Intouch

Schneider Electric

2 products

Wonderware Indusoft Web Studio

Wonderware Intouch

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Wonderware Indusoft Web Studio	Up to 8.0
Schneider Electric Wonderware Intouch	Up to 8.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://www.securityfocus.com/bid/101779

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/101779

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.