VYPR
Critical severity9.8NVD Advisory· Published Jul 24, 2018· Updated Jun 17, 2026

CVE-2018-10628

CVE-2018-10628

Description

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Aveva/Intouchllm-fuzzy2 versions
    <= 2014 R2 SP1, = 2017, = 2017 Update 1, = 2017 Update 2+ 1 more
    • (no CPE)range: <= 2014 R2 SP1, = 2017, = 2017 Update 1, = 2017 Update 2
    • (no CPE)range: 2014 R2 SP1 and prior

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.