OTPulse
FeedAboutContact

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

Act Now9.8ICS-CERT ICSA-17-313-02Nov 9, 2017
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Buffer overflow vulnerability in InduSoft Web Studio and InTouch Machine Edition v8.0 SP2 Patch 1 and prior. The vulnerability allows remote code execution without authentication via network request. Attackers can leverage publicly available exploits.

What this means
What could happen
An attacker on the network could gain complete control of the InduSoft Web Studio or InTouch Machine Edition system, allowing them to read, modify, or delete data, and execute arbitrary commands that could interrupt process monitoring and control.
Who's at risk
This affects utility and industrial control system operators running Schneider Electric InduSoft Web Studio or AVEVA InTouch Machine Edition for SCADA visualization and supervisory control, particularly in energy sector operations. Any system using v8.0 SP2 Patch 1 or earlier is vulnerable.
How it could be exploited
An attacker can send specially crafted network requests to an affected InduSoft Web Studio or InTouch system without authentication. The vulnerability allows buffer overflow, leading to remote code execution on the engineering workstation or runtime server.
Prerequisites
  • Network access to the InduSoft Web Studio or InTouch Machine Edition service port
  • No credentials or authentication required
remotely exploitableno authentication requiredlow complexitypublic exploits availablehigh CVSS (9.8)no patch available for InTouch Machine Edition
Exploitability
Moderate exploit probability (EPSS 3.5%)
Affected products (2)
1 with fix1 EOL
ProductAffected VersionsFix Status
InTouch Machine Edition: v8.0 SP2 Patch 1 and prior versions≤ 8.0 SP2 Patch 1No fix (EOL)
InduSoft Web Studio: v8.0 SP2 Patch 1 and prior versions≤ 8.0 SP2 Patch 18.1
Remediation & Mitigation
0/4
Do now
0/3
HOTFIXUpgrade InduSoft Web Studio to v8.1 or later as soon as possible
HOTFIXUpgrade InTouch Machine Edition to a patched version if available, or isolate affected systems from the network
HARDENINGRestrict network access to InduSoft Web Studio and InTouch Machine Edition ports to only authorized engineering workstations and supervisory systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to these systems for suspicious connection attempts
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e30a5a31-2967-4af4-b5d2-698e6449be7d