{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T17:57:13.011","vulnerabilities":[{"cve":{"id":"CVE-2018-10628","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-07-24T18:29:00.233","lastModified":"2026-06-17T01:34:18.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process."},{"lang":"es","value":"AVEVA InTouch 2014 R2 SP1 y anteriores, InTouch 2017, InTouch 2017 Update 1 e InTouch 2017 Update 2 permiten que un usuario no autenticado envíe un paquete especialmente manipulado que podría sobrescribir el búfer en un locale que no emplea un separador de punto flotante. Su explotación podría permitir la ejecución remota de código bajo los privilegios del proceso InTouch View."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AVEVA Software, LLC.","product":"InTouch","versions":[{"version":"2014 R2 SP1 and prior","status":"affected"},{"version":"2017","status":"affected"},{"version":"2017 Update 1","status":"affected"},{"version":"2017 Update 2","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:intouch_2014:r2:*:*:*:*:*:*:*","matchCriteriaId":"072D8283-DF3E-4CE3-A9A2-81E8CF8A9DC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:intouch_2014:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"8C3D1BF4-FA24-4A5E-939D-9F66FD30F380"},{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:intouch_2017:-:*:*:*:*:*:*:*","matchCriteriaId":"1F296574-D8BA-4159-9C0F-36FC9C0A8BE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:intouch_2017:-:update_1:*:*:*:*:*:*","matchCriteriaId":"4D5EFF01-07DD-4711-8DB6-0534769FD034"},{"vulnerable":true,"criteria":"cpe:2.3:a:aveva:intouch_2017:-:update_2:*:*:*:*:*:*","matchCriteriaId":"CB06E770-CE7C-44F7-A2CC-75E6409BC300"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104864","source":"ics-cert@hq.dhs.gov","tags":["Broken Link"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02","source":"ics-cert@hq.dhs.gov","tags":["Patch","Permissions Required","Third Party Advisory","US Government Resource"]},{"url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/104864","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Permissions Required","Third Party Advisory","US Government Resource"]},{"url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec127%28003%29.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}