INVT Electric VT-Designer
Monitor · 6.3 · ICS-CERT ICSA-18-333-01 · Nov 29, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
INVT Electric VT-Designer version 2.1.7.31 and earlier contains two vulnerabilities: improper deserialization (CWE-502) and buffer overflow (CWE-122). Successful exploitation could cause the program to crash or allow remote code execution. The vendor has not yet released mitigations or patches for these issues.
What this means
What could happen
A remote attacker could crash the VT-Designer engineering software or execute arbitrary code on the workstation running it, potentially allowing modification of industrial control system logic or parameters.
Who's at risk
This affects organizations in the energy sector (utilities, power generation, substations) that use INVT Electric VT-Designer software to configure and engineer industrial control systems. The risk is highest for engineering teams and control system integrators who have workstations with VT-Designer connected to networks that could be reached by an attacker.
How it could be exploited
An attacker could send malformed network requests to VT-Designer (CWE-502 deserialization, CWE-122 buffer overflow) or trick a user into opening a malicious file or link. If successful, the attacker gains the ability to run code with the privileges of the engineering workstation user.
Prerequisites
- Network reachability to VT-Designer application port or direct interaction with a user who can be socially engineered to open a malicious file/link
- VT-Designer version 2.1.7.31 or earlier installed
- User interaction may be required depending on attack vector
No patch available · Remotely exploitable · No authentication required · Low complexity · Affects engineering/control system software
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| VT-Designer: 2.1.7.31 | 2.1.7.31 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate VT-Designer engineering workstations from the business network and the Internet. Place them behind a firewall with strict ingress/egress rules.
- HARDENING: Restrict network access to VT-Designer to trusted engineering workstations only. Block unsolicited inbound connections at the firewall.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Ensure all engineering workstations running VT-Designer have current antivirus and operating system patches applied.
- HARDENING: If remote access to engineering workstations is required, use a VPN with strong authentication and ensure VPN software is kept up to date.
Mitigations - no patch available
VT-Designer: 2.1.7.31 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Train users not to click unsolicited email links or open attachments from unknown sources, and to report suspicious communications.
CVEs (2)