OTPulse

BLF-Tech LLC VisualView HMI

CVSS 7 | ICS-CERT ICSA-17-115-01 | Apr 25, 2017
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

A local code execution vulnerability in VisualView HMI versions 9.9.14.0 and earlier allows an attacker to execute arbitrary code with the privileges of the logged-in user by getting that user to open a malicious file or project. The flaw is classified as CWE-427 (Uncontrolled Search Path Element): the application looks for a component it loads in a location an attacker can influence, so a planted file can be picked up in place of the legitimate one. Little skill is needed to exploit it, but user interaction is required to trigger the flaw.

What this means
What could happen
An attacker with local access and user interaction could execute arbitrary code with the privileges of the HMI user, potentially allowing them to modify process values, alarms, or operator displays in the manufacturing plant.
Who's at risk
Manufacturing plants using VisualView HMI for process monitoring and control. This affects HMI operators, engineering workstations, and any systems where VisualView is used to display or control industrial processes.
How it could be exploited
An attacker delivers a malicious file or tampers with an existing HMI project (for example via email, USB media, or a file share) so that the vulnerability is triggered when a legitimate user opens it in VisualView HMI. The attacker's code then runs in that user's security context, with whatever access the operator already has to the process.
Prerequisites
  • Local access to a machine running VisualView HMI
  • User must open or interact with a malicious file or project
  • No special privileges or credentials required beyond normal HMI user access
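The search-path weakness described above, as an added illustration that is not code from BLF-Tech or from the advisory: a loader that searches the opened project's directory before its own install directory is shown beside a loader fixed to the install directory, together with a small audit that flags loadable files sitting next to project files (the drop locations the workaround on this page restricts). The component name render.dll, the .prj project extension, and the directory layout are assumptions; the scenario is built in a throwaway temporary directory.

```python
"""Added illustration of CWE-427 (Uncontrolled Search Path Element).

Constructed example, not VisualView HMI code. It builds a throwaway
directory tree, then shows how a loader that searches the opened
project's directory before its own install directory picks up an
attacker-planted component, while a loader fixed to the install
directory does not. Component and project file names are hypothetical.
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

COMPONENT = "render.dll"                  # hypothetical component the HMI loads
PROJECT_EXT = ".prj"                      # hypothetical project file extension
LOADABLE_EXTS = {".dll", ".exe", ".ocx"}  # file types a Windows loader will execute


def resolve_vulnerable(project: Path, install_dir: Path) -> Optional[Path]:
    """CWE-427 pattern: the directory of the opened project is searched first,
    so whoever can write next to the project controls what gets loaded."""
    for directory in (project.parent, install_dir):
        candidate = directory / COMPONENT
        if candidate.is_file():
            return candidate
    return None


def resolve_hardened(project: Path, install_dir: Path) -> Optional[Path]:
    """Hardened: only the fixed, admin-writable install directory is searched;
    the location of the project file never influences the lookup."""
    candidate = install_dir / COMPONENT
    return candidate if candidate.is_file() else None


def find_planted_components(root: Path) -> List[Path]:
    """Audit helper: list loadable files sitting in any directory that also
    holds a project file. These are exactly the files an operator could be
    tricked into loading by opening the project beside them."""
    planted = []
    for directory in {p.parent for p in root.rglob(f"*{PROJECT_EXT}")}:
        for f in directory.iterdir():
            if f.is_file() and f.suffix.lower() in LOADABLE_EXTS:
                planted.append(f)
    return sorted(planted)


def demo() -> Dict[str, object]:
    """Build the scenario in a temp dir and report what each loader picked."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        install_dir = root / "Program Files" / "HMI"
        share = root / "usb"                       # e.g. removable media
        install_dir.mkdir(parents=True)
        share.mkdir()
        (install_dir / COMPONENT).write_bytes(b"legitimate")
        # Attacker drops a same-named component next to the project file
        # they hand to the operator (constructed content).
        (share / COMPONENT).write_bytes(b"malicious")
        project = share / f"plant{PROJECT_EXT}"
        project.write_text("constructed project file")

        vuln = resolve_vulnerable(project, install_dir)
        hard = resolve_hardened(project, install_dir)
        return {
            "vulnerable_loads": vuln.read_bytes().decode(),
            "hardened_loads": hard.read_bytes().decode(),
            "planted": [p.name for p in find_planted_components(root)],
        }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the vulnerable resolver loading the planted file from the "usb" directory while the hardened resolver loads the copy from the install directory; the audit lists render.dll as sitting beside a project file. Pointing find_planted_components at a real project share is a cheap check that the workaround (only trusted sources write project files) is actually holding.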
  • Low attacker skill required (CVSS attack complexity: High)
  • User interaction required
  • Affects HMI operator workstations, which are critical to plant visibility
  • No patch for affected versions; the fix is an upgrade to 10.2.15.0
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product          | Affected Versions | Fix Status
VisualView HMI   | ≤ 9.9.14.0        | 10.2.15.0
Remediation & Mitigation
Do now
WORKAROUND: Restrict file uploads and file access on HMI workstations to trusted sources only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update VisualView HMI to version 10.2.15.0 or later
Long-term hardening
HARDENING: Segment HMI workstations on a separate network from general IT infrastructure and limit incoming connections
BLF-Tech LLC VisualView HMI | CVSS 7 - OTPulse