Schneider Electric InduSoft Web Studio and InTouch Machine Edition

Act Now9.8ICS-CERT ICSA-18-107-01Apr 17, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A buffer overflow vulnerability (CWE-121) exists in InduSoft Web Studio and InTouch Machine Edition 2017 in the handling of tags, alarms, and events. Successful exploitation allows remote code execution with high privileges, potentially enabling complete compromise of the HMI device. The vulnerability requires no authentication and can be triggered remotely over the network.

What this means

What could happen

An attacker could execute arbitrary code on a device running InduSoft Web Studio or InTouch Machine Edition during tag, alarm, or event operations, potentially taking full control of the HMI and the industrial processes it manages.

Who's at risk

This affects energy sector organizations (utilities, power generation, distribution) using Schneider Electric's InduSoft Web Studio or AVEVA's InTouch Machine Edition 2017 for HMI (human-machine interface) and supervisory control. Any organization relying on these applications to monitor or control industrial processes is vulnerable.

How it could be exploited

An attacker with network access to the affected device sends a specially crafted request targeting tag, alarm, or event handling functionality. This triggers a buffer overflow (CWE-121) that allows the attacker to inject and execute arbitrary code with the privileges of the running application, potentially gaining complete control of the HMI system.

Prerequisites

Network access to the InduSoft Web Studio or InTouch Machine Edition device (HTTP/HTTPS port typically 80 or 443)
No authentication credentials required for exploitation
Device running InduSoft Web Studio v8.1 or earlier, or InTouch Machine Edition 2017 v8.1 or earlier

remotely exploitableno authentication requiredlow complexity attackhigh EPSS score (37.6%)no patch available for v8.1 and earlieraffects control system HMIhigh CVSS severity (9.8)

Exploitability

High exploit probability (EPSS 37.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

InduSoft Web Studio: v8.1 and prior versions≤ 8.1v8.1 SP1 or later

InTouch Machine Edition 2017: v8.1 and prior versions≤ 8.1v8.1 SP1 or later

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to InduSoft Web Studio and InTouch Machine Edition devices using firewall rules; do not expose these devices to the Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade InduSoft Web Studio to v8.1 SP1 or later

HOTFIXUpgrade InTouch Machine Edition 2017 to v8.1 SP1 or later

Long-term hardening

0/1

HARDENINGIsolate HMI devices from the business network behind a firewall or air-gap; implement network segmentation to limit exposure

CVEs (1)

CVE-2018-8840

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b4522132-9354-49d4-b6ce-0c12d03d88db