CVE-2018-14810
First published: Thu Oct 04 2018(Updated: )
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| We-con Pi Studio | <=4.2.34 | |
| We-con Pi Studio Hmi | <=4.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14810?
CVE-2018-14810 has a high severity rating due to the potential for remote code execution in administrative contexts.
How do I fix CVE-2018-14810?
To fix CVE-2018-14810, upgrade PI Studio HMI to version 4.2.35 or later and PI Studio to version 4.2.35 or later.
What versions are affected by CVE-2018-14810?
CVE-2018-14810 affects PI Studio HMI versions 4.1.9 and prior, and PI Studio versions 4.2.34 and prior.
What impact does CVE-2018-14810 have on my system?
CVE-2018-14810 may allow an attacker to execute arbitrary code with administrative privileges.
Are there any workarounds for CVE-2018-14810?
As a temporary workaround for CVE-2018-14810, consider limiting access to the vulnerable software until an update can be applied.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- vendor/we-con
- canonical/we-con pi studio
- version/we-con pi studio/4.2.34
- canonical/we-con pi studio hmi
- version/we-con pi studio hmi/4.1.9