AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
November 14, 2018
Overview
Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software.
CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user.
CVE-2018-17914 stems from an empty password in the configuration file. An unauthorized attacker could exploit this vulnerability to remotely execute code with the same privileges as the affected software.